Merge branch 'CISOfy:master' into wazuh-malware-scan

2022-08-29 15:40:23 +03:00 · 2022-08-29 15:40:23 +03:00 · 2788d9fff3
parent 32a39eaaf8 b53d6a80d7
commit 2788d9fff3
2 changed files with 26 additions and 6 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,12 @@
 # Lynis Changelog

+## Lynis 3.0.9 (not released yet)
+
+### Changed
+- DBS-1820 - added newer style format for Mongo authorization setting
+
+---------------------------------------------------------------------------------
+
 ## Lynis 3.0.8 (2022-05-17)

 ### Added
--- a/include/tests_databases
+++ b/include/tests_databases
@ -127,12 +127,25 @@
            for FILE in ${MONGO_CONF_FILES}; do
                if [ -f ${FILE} ]; then
                    LogText "Result: found MongoDB configuration file (${FILE})"
-                    LogText "Test: determine authorization setting in new style YAML format"
-                    AUTH_IN_CONFIG=$(${GREPBINARY} "authorization: enabled" ${FILE} | ${GREPBINARY} -E -v "(^#|#auth)")
-                    if HasData "${AUTH_IN_CONFIG}"; then
-                        LogText "Result: GOOD, found authorization option enabled in configuration file (YAML format)"
-                        MONGODB_AUTHORIZATION_ENABLED=1
-                    else
+                    # YAML with quotes
+                    if [ ${MONGODB_AUTHORIZATION_ENABLED} -eq 0 ]; then
+                        LogText "Test: determine authorization setting in new style YAML format"
+                        AUTH_IN_CONFIG=$(${GREPBINARY} "authorization: \"enabled\"" ${FILE} | ${GREPBINARY} -E -v "(^#|#auth)")
+                        if HasData "${AUTH_IN_CONFIG}"; then
+                            LogText "Result: GOOD, found authorization option enabled in configuration file (YAML format with quotes)"
+                            MONGODB_AUTHORIZATION_ENABLED=1
+                        fi
+                    fi
+                    # YAML without quotes
+                    if [ ${MONGODB_AUTHORIZATION_ENABLED} -eq 0 ]; then
+                        AUTH_IN_CONFIG=$(${GREPBINARY} "authorization: enabled" ${FILE} | ${GREPBINARY} -E -v "(^#|#auth)")
+                        if HasData "${AUTH_IN_CONFIG}"; then
+                            LogText "Result: GOOD, found authorization option enabled in configuration file (YAML format without quotes)"
+                            MONGODB_AUTHORIZATION_ENABLED=1
+                        fi
+                    fi
+                    # Old style
+                    if [ ${MONGODB_AUTHORIZATION_ENABLED} -eq 0 ]; then
                        LogText "Result: did NOT find authorization option enabled in configuration file (with YAML format)"
                        LogText "Test: now searching for old style configuration (auth = true) in configuration file"
                        AUTH_IN_CONFIG=$(${GREPBINARY} "auth = true" ${FILE} | ${GREPBINARY} -v "noauth" | ${GREPBINARY} -E -v "(^#|#auth)")