tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Style improvements and set directories only when empty

This commit is contained in:
Michael Boelen 2016-10-23 16:26:22 +02:00
parent 270f2e4fb1
commit 26489d03e9
1 changed files with 46 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
lynis
View File

@ -70,7 +70,7 @@
for I in ${tINCLUDE_TARGETS}; do
if [ "${I}" = "./include" ]; then
if [ -d ${WORKDIR}/include ]; then INCLUDEDIR="${WORKDIR}/include"; fi
elif [ -d ${I} ]; then
elif [ -d ${I} -a -z "${INCLUDEDIR}" ]; then
INCLUDEDIR=${I}
fi
done
@ -89,7 +89,7 @@ Make sure to execute ${PROGRAM_NAME} from untarred directory or check your insta
for I in ${tDB_TARGETS}; do
if [ "${I}" = "./db" ]; then
if [ -d ${WORKDIR}/db ]; then DBDIR="${WORKDIR}/db"; fi
elif [ -d ${I} ]; then
elif [ -d ${I} -a -z "${DBDIR}" ]; then
DBDIR="${I}"
fi
done
@ -116,7 +116,7 @@ Make sure to execute ${PROGRAM_NAME} from untarred directory or check your insta
# Check user to determine file permissions later on. If we encounter Solaris, use related id binary instead
if [ -x /usr/xpg4/bin/id ]; then
MYID=$(/usr/xpg4/bin/id -u 2> /dev/null)
elif [ `uname` = "SunOS" ]; then
elif [ $(uname) = "SunOS" ]; then
MYID=$(id | tr '=' ' ' | tr '(' ' ' | awk '{ print $2 }' 2> /dev/null)
else
MYID=$(id -u 2> /dev/null)
@ -140,11 +140,11 @@ Make sure to execute ${PROGRAM_NAME} from untarred directory or check your insta
SHOWPERMERROR=0
for FILE in ${FILES_TO_CHECK}; do
PERMS=`ls -l ${INCLUDEDIR}/${FILE} | cut -c 2-10`
GROUPPERMS=`ls -l ${INCLUDEDIR}/${FILE} | cut -c 5-7`
GROUPOWNERID=`ls -n ${INCLUDEDIR}/${FILE} | awk '{ print $4 }'`
OWNER=`ls -l ${INCLUDEDIR}/${FILE} | awk -F" " '{ print $3 }'`
OWNERID=`ls -n ${INCLUDEDIR}/${FILE} | awk -F" " '{ print $3 }'`
PERMS=$(ls -l ${INCLUDEDIR}/${FILE} | cut -c 2-10)
GROUPPERMS=$(ls -l ${INCLUDEDIR}/${FILE} | cut -c 5-7)
GROUPOWNERID=$(ls -n ${INCLUDEDIR}/${FILE} | awk '{ print $4 }')
OWNER=$(ls -l ${INCLUDEDIR}/${FILE} | awk -F" " '{ print $3 }')
OWNERID=$(ls -n ${INCLUDEDIR}/${FILE} | awk -F" " '{ print $3 }')
# Check permissions of include/X file (400, 600, 640, 644)
if [ "${PERMS}" = "rwxrwxrwx" ]; then
@ -226,7 +226,7 @@ Make sure to execute ${PROGRAM_NAME} from untarred directory or check your insta
# Disable logging if no alternative was provided
if [ ${PRIVILEGED} -eq 0 ]; then
if [ "${LOGFILE}" = "" ]; then
if [ -z "${LOGFILE}" ]; then
# Try creating a log file in temporary directory
if [ ! -f /tmp/lynis.log ]; then
touch /tmp/lynis.log
@ -235,7 +235,7 @@ Make sure to execute ${PROGRAM_NAME} from untarred directory or check your insta
LOGFILE="/tmp/lynis.log"
fi
fi
if [ "${REPORTFILE}" = "" ]; then
if [ -z "${REPORTFILE}" ]; then
touch /tmp/lynis-report.dat
if [ $? -eq 0 ]; then REPORTFILE="/tmp/lynis-report.dat"; else REPORTFILE="/dev/null"; fi
fi
@ -288,9 +288,9 @@ ${NORMAL}
DiscoverProfiles
# Initialize and check profile file, auditor name, log file and report file
if [ "${AUDITORNAME}" = "" ]; then AUDITORNAME="[Not Specified]"; fi
if [ "${LOGFILE}" = "" ]; then LOGFILE="/var/log/lynis.log"; fi
if [ "${REPORTFILE}" = "" ]; then REPORTFILE="/var/log/lynis-report.dat"; fi
if [ -z "${AUDITORNAME}" ]; then AUDITORNAME="[Not Specified]"; fi
if [ -z "${LOGFILE}" ]; then LOGFILE="/var/log/lynis.log"; fi
if [ -z "${REPORTFILE}" ]; then REPORTFILE="/var/log/lynis-report.dat"; fi
#
#################################################################################
#
@ -300,7 +300,7 @@ ${NORMAL}
#
# Decide where to write our PID file. For unprivileged users this will be in their home directory, or /tmp if their
# home directory isn't set. For root it will be /var/run, or the current workign directory if /var/run doesn't exist.
MYHOMEDIR=`echo ~ 2> /dev/null`
MYHOMEDIR=$(echo ~ 2> /dev/null)
if [ "${MYHOMEDIR}" = "" ]; then MYHOMEDIR="/tmp"; fi
if [ ${PRIVILEGED} -eq 0 ]; then
@ -342,7 +342,7 @@ ${YELLOW}Note: ${WHITE}Cancelling the program can leave temporary files behind${
fi
# Ensure symlink attack is not possible, by confirming there is no symlink of the file already
OURPID=`echo $$`
OURPID=$(echo $$)
if [ -L ${PIDFILE} ]; then
echo "Found symlinked PID file (${PIDFILE}), quitting"
ExitFatal
@ -499,7 +499,7 @@ ${NORMAL}
if [ ${CREATE_REPORT_FILE} -eq 1 ]; then echo "# ${PROGRAM_NAME} Report" > ${REPORTFILE}; fi
Report "report_version_major=${REPORT_version_major}"
Report "report_version_minor=${REPORT_version_minor}"
CDATE=`date "+%F %H:%M:%S"`
CDATE=$(date "+%F %H:%M:%S")
Report "report_datetime_start=${CDATE}"
Report "auditor=${AUDITORNAME}"
Report "lynis_version=${PROGRAM_VERSION}"
@ -513,7 +513,7 @@ ${NORMAL}
Report "hostname=${HOSTNAME}"
if [ "${HOSTNAME}" = "" ]; then
if [ -z "${HOSTNAME}" ]; then
HOSTNAME="no-hostname"
LogText "Info: could not find a hostname, using 'no-hostname' instead"
ReportSuggestion "LYNIS" "Check your hostname configuration" "hostname -s"
@ -567,7 +567,7 @@ ${NORMAL}
#LogText "Result: Searching for plugindir"
tPLUGIN_TARGETS="/usr/local/lynis/plugins /usr/local/share/lynis/plugins /usr/share/lynis/plugins /etc/lynis/plugins ./plugins"
for I in ${tPLUGIN_TARGETS}; do
if [ -d ${I} ]; then
if [ -d ${I} -a -z "${PLUGINDIR}" ]; then
PLUGINDIR=${I}
Debug "Result: found plugindir ${PLUGINDIR}"
fi
@ -577,7 +577,7 @@ ${NORMAL}
fi
# Drop out if our plugin directory can't be found
if [ ! -d ${PLUGINDIR} ]; then
if [ -z "${PLUGINDIR}" -o ! -d ${PLUGINDIR} ]; then
echo "Fatal error: can't find plugin directory ${PLUGINDIR}"
echo "Make sure to execute ${PROGRAM_NAME} from untarred directory or check your installation."
exit 1
@ -698,7 +698,7 @@ ${NORMAL}
fi
# Test for older releases, without testing via update mechanism
NOW=`date +%s`
NOW=$(date "+%s")
OLD_RELEASE=0
TIME_DIFFERENCE_CHECK=10368000 # 4 months
RELEASE_PLUS_TIMEDIFF=$((${PROGRAM_RELEASE_TIMESTAMP} + ${TIME_DIFFERENCE_CHECK}))
@ -996,7 +996,7 @@ ${NORMAL}
#
# Store total performed tests
Report "lynis_tests_done=${CTESTS_PERFORMED}"
CDATE=`date "+%F %H:%M:%S"`
CDATE=$(date "+%F %H:%M:%S")
Report "report_datetime_end=${CDATE}"
# Show report