tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Check for /var/db/pkg/pkgs-vulnerabilities presence before performing audit with pkg_admin [PKGS-7381]

This commit is contained in:
mboelen 2014-12-05 19:43:35 +01:00
parent 951afea1f3
commit 1fa4416a7a
1 changed files with 27 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
include/tests_ports_packages
View File

@ -179,7 +179,6 @@
report "installed_package[]=${J}||" report "installed_package[]=${J}||"
done done
report "installed_packages=${N}" report "installed_packages=${N}"
fi fi
else else
logtext "Result: RPM binary NOT found on this system, test skipped" logtext "Result: RPM binary NOT found on this system, test skipped"
@ -399,6 +398,11 @@
fi fi
# #
################################################################################# #################################################################################
#
# Test : PKGS-7370
# Description : Check debsums output
#
#################################################################################
# #
# Test : PKGS-7378 # Test : PKGS-7378
# Description : Query FreeBSD portmaster for available port upgrades # Description : Query FreeBSD portmaster for available port upgrades
@ -429,24 +433,30 @@
Register --test-no PKGS-7381 --os NetBSD --weight L --network NO --description "Check for vulnerable NetBSD packages" Register --test-no PKGS-7381 --os NetBSD --weight L --network NO --description "Check for vulnerable NetBSD packages"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ -x /usr/sbin/pkg_admin ]; then if [ -x /usr/sbin/pkg_admin ]; then
FIND=`/usr/sbin/pkg_admin audit`
PKG_AUDIT_TOOL_FOUND=1 PKG_AUDIT_TOOL_FOUND=1
PKG_AUDIT_TOOL="pkg_admin audit" PKG_AUDIT_TOOL="pkg_admin audit"
if [ "${FIND}" = "" ]; then if [ -f /var/db/pkg/pkgs-vulnerabilities ]; then
logtext "Result: pkg audit results are clean" FIND=`/usr/sbin/pkg_admin audit`
Display --indent 2 --text "- Checking pkg_admin audit to obtain vulnerable packages" --result NONE --color GREEN if [ "${FIND}" = "" ]; then
AddHP 2 2 logtext "Result: pkg audit results are clean"
else Display --indent 2 --text "- Checking pkg_admin audit to obtain vulnerable packages" --result NONE --color GREEN
Display --indent 2 --text "- Checking pkg_admin audit to obtain vulnerable packages" --result WARNING --color RED AddHP 2 2
logtext "Result: pkg_admin audit found one or more installed packages which are vulnerable." else
ReportWarning ${TEST_NO} "M" "Found one or more vulnerable packages." Display --indent 2 --text "- Checking pkg_admin audit to obtain vulnerable packages" --result WARNING --color RED
logtext "List of vulnerable packages/version:" logtext "Result: pkg_admin audit found one or more installed packages which are vulnerable."
for I in `/usr/sbin/pkg_admin audit | awk '{ print $2 }' | sort | uniq`; do ReportWarning ${TEST_NO} "M" "Found one or more vulnerable packages."
report "vulnerable_package[]=${I}" logtext "List of vulnerable packages/version:"
logtext "Vulnerable package: ${I}" for I in `/usr/sbin/pkg_admin audit | awk '{ print $2 }' | sort | uniq`; do
# Decrease hardening points for every found vulnerable package report "vulnerable_package[]=${I}"
AddHP 1 2 logtext "Vulnerable package: ${I}"
done # Decrease hardening points for every found vulnerable package
AddHP 1 2
done
fi
else
ReportSuggestion "${TEST_NO}" "Fetch the package database with pkg_admin fetch-pkg-vulnerabilities"
AddHP 0 2
fi fi
else else
Display --indent 2 --text "- pkg_admin audit not installed" --result "NOT FOUND" --color WHITE Display --indent 2 --text "- pkg_admin audit not installed" --result "NOT FOUND" --color WHITE