tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-21 04:44:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

Style improvements and set directories only when empty

Browse Source
This commit is contained in:
Michael Boelen 2016-10-23 16:26:22 +02:00
parent 270f2e4fb1
commit 26489d03e9
1 changed files with 46 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
lynis
View File

@ -70,7 +70,7 @@
for I in ${tINCLUDE_TARGETS}; do for I in ${tINCLUDE_TARGETS}; do
if [ "${I}" = "./include" ]; then if [ "${I}" = "./include" ]; then
if [ -d ${WORKDIR}/include ]; then INCLUDEDIR="${WORKDIR}/include"; fi if [ -d ${WORKDIR}/include ]; then INCLUDEDIR="${WORKDIR}/include"; fi
elif [ -d ${I} ]; then elif [ -d ${I} -a -z "${INCLUDEDIR}" ]; then
INCLUDEDIR=${I} INCLUDEDIR=${I}
fi fi
done done
@ -89,7 +89,7 @@ Make sure to execute ${PROGRAM_NAME} from untarred directory or check your insta
for I in ${tDB_TARGETS}; do for I in ${tDB_TARGETS}; do
if [ "${I}" = "./db" ]; then if [ "${I}" = "./db" ]; then
if [ -d ${WORKDIR}/db ]; then DBDIR="${WORKDIR}/db"; fi if [ -d ${WORKDIR}/db ]; then DBDIR="${WORKDIR}/db"; fi
elif [ -d ${I} ]; then elif [ -d ${I} -a -z "${DBDIR}" ]; then
DBDIR="${I}" DBDIR="${I}"
fi fi
done done
@ -116,7 +116,7 @@ Make sure to execute ${PROGRAM_NAME} from untarred directory or check your insta
# Check user to determine file permissions later on. If we encounter Solaris, use related id binary instead # Check user to determine file permissions later on. If we encounter Solaris, use related id binary instead
if [ -x /usr/xpg4/bin/id ]; then if [ -x /usr/xpg4/bin/id ]; then
MYID=$(/usr/xpg4/bin/id -u 2> /dev/null) MYID=$(/usr/xpg4/bin/id -u 2> /dev/null)
elif [ `uname` = "SunOS" ]; then elif [ $(uname) = "SunOS" ]; then
MYID=$(id | tr '=' ' ' | tr '(' ' ' | awk '{ print $2 }' 2> /dev/null) MYID=$(id | tr '=' ' ' | tr '(' ' ' | awk '{ print $2 }' 2> /dev/null)
else else
MYID=$(id -u 2> /dev/null) MYID=$(id -u 2> /dev/null)
@ -140,11 +140,11 @@ Make sure to execute ${PROGRAM_NAME} from untarred directory or check your insta
SHOWPERMERROR=0 SHOWPERMERROR=0
for FILE in ${FILES_TO_CHECK}; do for FILE in ${FILES_TO_CHECK}; do
PERMS=`ls -l ${INCLUDEDIR}/${FILE} | cut -c 2-10` PERMS=$(ls -l ${INCLUDEDIR}/${FILE} | cut -c 2-10)
GROUPPERMS=`ls -l ${INCLUDEDIR}/${FILE} | cut -c 5-7` GROUPPERMS=$(ls -l ${INCLUDEDIR}/${FILE} | cut -c 5-7)
GROUPOWNERID=`ls -n ${INCLUDEDIR}/${FILE} | awk '{ print $4 }'` GROUPOWNERID=$(ls -n ${INCLUDEDIR}/${FILE} | awk '{ print $4 }')
OWNER=`ls -l ${INCLUDEDIR}/${FILE} | awk -F" " '{ print $3 }'` OWNER=$(ls -l ${INCLUDEDIR}/${FILE} | awk -F" " '{ print $3 }')
OWNERID=`ls -n ${INCLUDEDIR}/${FILE} | awk -F" " '{ print $3 }'` OWNERID=$(ls -n ${INCLUDEDIR}/${FILE} | awk -F" " '{ print $3 }')
# Check permissions of include/X file (400, 600, 640, 644) # Check permissions of include/X file (400, 600, 640, 644)
if [ "${PERMS}" = "rwxrwxrwx" ]; then if [ "${PERMS}" = "rwxrwxrwx" ]; then
@ -226,7 +226,7 @@ Make sure to execute ${PROGRAM_NAME} from untarred directory or check your insta
# Disable logging if no alternative was provided # Disable logging if no alternative was provided
if [ ${PRIVILEGED} -eq 0 ]; then if [ ${PRIVILEGED} -eq 0 ]; then
if [ "${LOGFILE}" = "" ]; then if [ -z "${LOGFILE}" ]; then
# Try creating a log file in temporary directory # Try creating a log file in temporary directory
if [ ! -f /tmp/lynis.log ]; then if [ ! -f /tmp/lynis.log ]; then
touch /tmp/lynis.log touch /tmp/lynis.log
@ -235,7 +235,7 @@ Make sure to execute ${PROGRAM_NAME} from untarred directory or check your insta
LOGFILE="/tmp/lynis.log" LOGFILE="/tmp/lynis.log"
fi fi
fi fi
if [ "${REPORTFILE}" = "" ]; then if [ -z "${REPORTFILE}" ]; then
touch /tmp/lynis-report.dat touch /tmp/lynis-report.dat
if [ $? -eq 0 ]; then REPORTFILE="/tmp/lynis-report.dat"; else REPORTFILE="/dev/null"; fi if [ $? -eq 0 ]; then REPORTFILE="/tmp/lynis-report.dat"; else REPORTFILE="/dev/null"; fi
fi fi
@ -288,9 +288,9 @@ ${NORMAL}
DiscoverProfiles DiscoverProfiles
# Initialize and check profile file, auditor name, log file and report file # Initialize and check profile file, auditor name, log file and report file
if [ "${AUDITORNAME}" = "" ]; then AUDITORNAME="[Not Specified]"; fi if [ -z "${AUDITORNAME}" ]; then AUDITORNAME="[Not Specified]"; fi
if [ "${LOGFILE}" = "" ]; then LOGFILE="/var/log/lynis.log"; fi if [ -z "${LOGFILE}" ]; then LOGFILE="/var/log/lynis.log"; fi
if [ "${REPORTFILE}" = "" ]; then REPORTFILE="/var/log/lynis-report.dat"; fi if [ -z "${REPORTFILE}" ]; then REPORTFILE="/var/log/lynis-report.dat"; fi
# #
################################################################################# #################################################################################
# #
@ -300,7 +300,7 @@ ${NORMAL}
# #
# Decide where to write our PID file. For unprivileged users this will be in their home directory, or /tmp if their # Decide where to write our PID file. For unprivileged users this will be in their home directory, or /tmp if their
# home directory isn't set. For root it will be /var/run, or the current workign directory if /var/run doesn't exist. # home directory isn't set. For root it will be /var/run, or the current workign directory if /var/run doesn't exist.
MYHOMEDIR=`echo ~ 2> /dev/null` MYHOMEDIR=$(echo ~ 2> /dev/null)
if [ "${MYHOMEDIR}" = "" ]; then MYHOMEDIR="/tmp"; fi if [ "${MYHOMEDIR}" = "" ]; then MYHOMEDIR="/tmp"; fi
if [ ${PRIVILEGED} -eq 0 ]; then if [ ${PRIVILEGED} -eq 0 ]; then
@ -342,7 +342,7 @@ ${YELLOW}Note: ${WHITE}Cancelling the program can leave temporary files behind${
fi fi
# Ensure symlink attack is not possible, by confirming there is no symlink of the file already # Ensure symlink attack is not possible, by confirming there is no symlink of the file already
OURPID=`echo $$` OURPID=$(echo $$)
if [ -L ${PIDFILE} ]; then if [ -L ${PIDFILE} ]; then
echo "Found symlinked PID file (${PIDFILE}), quitting" echo "Found symlinked PID file (${PIDFILE}), quitting"
ExitFatal ExitFatal
@ -499,7 +499,7 @@ ${NORMAL}
if [ ${CREATE_REPORT_FILE} -eq 1 ]; then echo "# ${PROGRAM_NAME} Report" > ${REPORTFILE}; fi if [ ${CREATE_REPORT_FILE} -eq 1 ]; then echo "# ${PROGRAM_NAME} Report" > ${REPORTFILE}; fi
Report "report_version_major=${REPORT_version_major}" Report "report_version_major=${REPORT_version_major}"
Report "report_version_minor=${REPORT_version_minor}" Report "report_version_minor=${REPORT_version_minor}"
CDATE=`date "+%F %H:%M:%S"` CDATE=$(date "+%F %H:%M:%S")
Report "report_datetime_start=${CDATE}" Report "report_datetime_start=${CDATE}"
Report "auditor=${AUDITORNAME}" Report "auditor=${AUDITORNAME}"
Report "lynis_version=${PROGRAM_VERSION}" Report "lynis_version=${PROGRAM_VERSION}"
@ -513,7 +513,7 @@ ${NORMAL}
Report "hostname=${HOSTNAME}" Report "hostname=${HOSTNAME}"
if [ "${HOSTNAME}" = "" ]; then if [ -z "${HOSTNAME}" ]; then
HOSTNAME="no-hostname" HOSTNAME="no-hostname"
LogText "Info: could not find a hostname, using 'no-hostname' instead" LogText "Info: could not find a hostname, using 'no-hostname' instead"
ReportSuggestion "LYNIS" "Check your hostname configuration" "hostname -s" ReportSuggestion "LYNIS" "Check your hostname configuration" "hostname -s"
@ -567,7 +567,7 @@ ${NORMAL}
#LogText "Result: Searching for plugindir" #LogText "Result: Searching for plugindir"
tPLUGIN_TARGETS="/usr/local/lynis/plugins /usr/local/share/lynis/plugins /usr/share/lynis/plugins /etc/lynis/plugins ./plugins" tPLUGIN_TARGETS="/usr/local/lynis/plugins /usr/local/share/lynis/plugins /usr/share/lynis/plugins /etc/lynis/plugins ./plugins"
for I in ${tPLUGIN_TARGETS}; do for I in ${tPLUGIN_TARGETS}; do
if [ -d ${I} ]; then if [ -d ${I} -a -z "${PLUGINDIR}" ]; then
PLUGINDIR=${I} PLUGINDIR=${I}
Debug "Result: found plugindir ${PLUGINDIR}" Debug "Result: found plugindir ${PLUGINDIR}"
fi fi
@ -577,7 +577,7 @@ ${NORMAL}
fi fi
# Drop out if our plugin directory can't be found # Drop out if our plugin directory can't be found
if [ ! -d ${PLUGINDIR} ]; then if [ -z "${PLUGINDIR}" -o ! -d ${PLUGINDIR} ]; then
echo "Fatal error: can't find plugin directory ${PLUGINDIR}" echo "Fatal error: can't find plugin directory ${PLUGINDIR}"
echo "Make sure to execute ${PROGRAM_NAME} from untarred directory or check your installation." echo "Make sure to execute ${PROGRAM_NAME} from untarred directory or check your installation."
exit 1 exit 1
@ -698,7 +698,7 @@ ${NORMAL}
fi fi
# Test for older releases, without testing via update mechanism # Test for older releases, without testing via update mechanism
NOW=`date +%s` NOW=$(date "+%s")
OLD_RELEASE=0 OLD_RELEASE=0
TIME_DIFFERENCE_CHECK=10368000 # 4 months TIME_DIFFERENCE_CHECK=10368000 # 4 months
RELEASE_PLUS_TIMEDIFF=$((${PROGRAM_RELEASE_TIMESTAMP} + ${TIME_DIFFERENCE_CHECK})) RELEASE_PLUS_TIMEDIFF=$((${PROGRAM_RELEASE_TIMESTAMP} + ${TIME_DIFFERENCE_CHECK}))
@ -996,7 +996,7 @@ ${NORMAL}
# #
# Store total performed tests # Store total performed tests
Report "lynis_tests_done=${CTESTS_PERFORMED}" Report "lynis_tests_done=${CTESTS_PERFORMED}"
CDATE=`date "+%F %H:%M:%S"` CDATE=$(date "+%F %H:%M:%S")
Report "report_datetime_end=${CDATE}" Report "report_datetime_end=${CDATE}"
# Show report # Show report