Check for software pseudo random number generators

Check for running audio-entropyd, havegd or jitterentropy-rngd.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
Topi Miettinen 2020-03-21 14:12:06 +02:00
parent 695eef64ad
commit 26a54991ba
No known key found for this signature in database
GPG Key ID: 87E1A51C590B0577
2 changed files with 26 additions and 3 deletions


@ -87,7 +87,8 @@ CORE-1000:test:performance:system_integrity::Check all system binaries:
CRYP-7902:test:security:crypto::Check expire date of SSL certificates:
CRYP-7930:test:security:crypto:Linux:Determine if system uses LUKS encryption:
CRYP-8002:test:security:crypto:Linux:Gather kernel entropy:
CRYP-8004:test:security:crypto:Linux:Presence of hardware number generator:
CRYP-8004:test:security:crypto:Linux:Presence of hardware random number generators:
CRYP-8005:test:security:crypto:Linux:Presence of software pseudo random number generators:
DNS-1600:test:security:dns::Validating that the DNSSEC signatures are checked:
DBS-1804:test:security:databases::Checking active MySQL process:
DBS-1816:test:security:databases::Checking MySQL root password:


@ -196,8 +196,8 @@
#################################################################################
#
# Test : CRYP-8004
# Description : Test for presence of random number generators
Register --test-no CRYP-8004 --os Linux --weight L --network NO --root-only NO --category security --description "Presence of random number generators"
# Description : Test for presence of hardware random number generators
Register --test-no CRYP-8004 --os Linux --weight L --network NO --root-only NO --category security --description "Presence of hardware random number generators"
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: looking for ${ROOTDIR}sys/class/misc/hw_random/rng_current"
if [ -f "${ROOTDIR}sys/class/misc/hw_random/rng_current" ]; then
@ -223,6 +223,28 @@
fi
#
#################################################################################
#
# Test : CRYP-8005
# Description : Test for presence of software pseudo random number generators
Register --test-no CRYP-8005 --os Linux --weight L --network NO --root-only NO --category security --description "Presence of software pseudo random number generators"
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: looking for software pseudo random number generators"
FOUND=""
for SERVICE in audio-entropyd havegd jitterentropy-rngd; do
if IsRunning "${SERVICE}" --full; then
FOUND="${FOUND} ${SERVICE}"
fi
done
if [ -z "${FOUND}" ]; then
Display --indent 2 --text "- SW prng" --result "${STATUS_NO}" --color YELLOW
ReportSuggestion "${TEST_NO}" "Utilize software pseudo random number generators"
else
Display --indent 2 --text "- SW prng" --result "${STATUS_YES}" --color GREEN
LogText "Result: found ${FOUND} running"
fi
fi
#
#################################################################################
#
WaitForKeyPress
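Review bot: The service list in the new CRYP-8005 loop spells the HAVEGE daemon as `havegd`, but its process name is `haveged`, so a host running it would not be matched and would still receive the "Utilize software pseudo random number generators" suggestion; the line should read `for SERVICE in audio-entropyd haveged jitterentropy-rngd; do`. The same spelling appears in the commit description. The no-match branch also calls `ReportSuggestion` without consulting the outcome of CRYP-8002 or CRYP-8004, so a system with a working hardware RNG or ample kernel entropy is still advised to add a daemon; if those tests keep their result in a variable (not visible in this hunk), gating the suggestion on it would reduce false positives. These three daemons feed entropy into the kernel pool rather than acting as PRNGs themselves, so "entropy gathering daemons" would be a more accurate wording for the description and the suggestion text.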