Replace repetitive echo commands with single printf statement

* Format includedir conditional

Signed-off-by: Daniel Andrei Minca <mandrei17@gmail.com>

* Clean echos from security check message

Signed-off-by: Daniel Andrei Minca <mandrei17@gmail.com>

* Clean echos from Beta disclaimer

Signed-off-by: Daniel Andrei Minca <mandrei17@gmail.com>

* Clean echos from 2 instances of Lynis conditional

Signed-off-by: Daniel Andrei Minca <mandrei17@gmail.com>

* Format the 'Bail out if no param' conditional

Signed-off-by: Daniel Andrei Minca <mandrei17@gmail.com>

* Format the 'non-privileged scan mode' message

Signed-off-by: Daniel Andrei Minca <mandrei17@gmail.com>
Mincă Daniel Andrei 2016-04-04 14:18:35 +03:00 committed by Michael Boelen
parent 95944c0035
commit 287a0e72a5
1 changed files with 135 additions and 124 deletions

259
lynis

@ -69,10 +69,10 @@
for I in ${tINCLUDE_TARGETS}; do if [ -d ${I} ]; then INCLUDEDIR=${I}; fi; done
# Drop out if our include directory can't be found
if [ "${INCLUDEDIR}" = "" ]; then
echo "Fatal error: can't find include directory"
echo "Make sure to execute ${PROGRAM_name} from untarred directory or check your installation."
printf "%s" "
Fatal error: can't find include directory
Make sure to execute ${PROGRAM_name} from untarred directory or check your installation."
exit 1
fi
@ -134,37 +134,39 @@
fi
fi
if [ ${SHOWPERMERROR} -eq 1 ]; then
echo ""
echo "[!] Change ownership of ${INCLUDEDIR}/${FILE} to 'root' or similar (found: ${OWNER} with UID ${OWNERID})."
echo ""
echo " Command:"
echo " # chown 0:0 ${INCLUDEDIR}/${FILE}"
echo ""
printf "%s" "
[!] Change ownership of ${INCLUDEDIR}/${FILE} to 'root' or similar (found: ${OWNER} with UID ${OWNERID}).
Command:
# chown 0:0 ${INCLUDEDIR}/${FILE}
"
fi
# Now if there is an issue with permissions, show it to the user and let them decide how to continue.
if [ ${ISSUE} -eq 1 ]; then
echo ""
echo "[X] Security check failed"
echo ""
echo " Why do I see this error?"
echo " -------------------------------"
echo " This is a protection mechanism to prevent the root user from executing user created files. The files may be altered, or including malicious pieces of script."
echo ""; echo ""
echo " What can I do?"
echo " ---------------------"
echo " Option 1) Check if a trusted user created the files (e.g. due to using Git, Homebrew or similar)."
echo " If you trust these files, you can decide to continue this run by pressing ENTER."
echo ""
echo " Option 2) Change ownership and permissions of the related files (or full directory)."
echo ""
echo " Commands (full directory):"
echo " # cd .."
echo " # chown -R 0:0 lynis"
echo " # cd lynis"
echo " ./lynis audit system"
echo ""; echo "";
echo "[ Press ENTER to continue, or CTRL+C to cancel ]"
printf "%s" "
[X] Security check failed
Why do I see this error?
-------------------------------
This is a protection mechanism to prevent the root user from executing user created files. The files may be altered, or including malicious pieces of script.
What can I do?
---------------------
Option 1) Check if a trusted user created the files (e.g. due to using Git, Homebrew or similar).
If you trust these files, you can decide to continue this run by pressing ENTER.
Option 2) Change ownership and permissions of the related files (or full directory).
Commands (full directory):
# cd ..
# chown -R 0:0 lynis
# cd lynis
./lynis audit system
[ Press ENTER to continue, or CTRL+C to cancel ]"
read DUMMY
fi
. ${INCLUDEDIR}/consts
@ -255,31 +257,34 @@
#
if [ ${QUIET} -eq 0 ]; then
echo ""
echo "${WHITE}[ ${PROGRAM_name} ${PROGRAM_version} ]${NORMAL}"
echo ""
echo "################################################################################"
echo " ${PROGRAM_license}"
echo ""
echo " ${PROGRAM_copyright}"
echo " ${PROGRAM_extrainfo}"
echo "################################################################################"
printf "%s" "
${WHITE}[ ${PROGRAM_name} ${PROGRAM_version} ]${NORMAL}
################################################################################
${PROGRAM_license}
${PROGRAM_copyright}
${PROGRAM_extrainfo}
################################################################################"
fi
if [ "${PROGRAM_releasetype}" = "beta" ]; then
echo "${WHITE}"
echo " #########################################################"
echo " # ${YELLOW}BETA VERSION${WHITE} #"
echo " #########################################################"
echo ""
echo " Thank you for testing a beta release. Make sure to read"
echo " all available documentation before proceeding and/or"
echo " requesting support. Due the nature of beta releases, it"
echo " is possible new features give unexpected warnings."
echo ""
echo ""
echo " #########################################################"
echo "${NORMAL}"; echo ""
printf "%s" "
${WHITE}
#########################################################
# ${YELLOW}BETA VERSION${WHITE} #
#########################################################
Thank you for testing a beta release. Make sure to read
all available documentation before proceeding and/or
requesting support. Due the nature of beta releases, it
is possible new features give unexpected warnings.
#########################################################
${NORMAL}
"
fi
#
#################################################################################
@ -332,18 +337,19 @@
# Check if there is already a PID file in any of the locations (incorrect termination of previous instance)
if [ -f "${MYHOMEDIR}/lynis.pid" -o -f "./lynis.pid" -o -f "/var/run/lynis.pid" ]; then
echo ""
echo " ${WARNING}Warning${NORMAL}: ${WHITE}PID file exists, probably another Lynis process is running.${NORMAL}"
echo " ------------------------------------------------------------------------------"
echo " If you are unsure another Lynis process is running currently, you are advised "
echo " to stop current process and check the process list first. If you cancelled"
echo " (by using CTRL+C) a previous instance, you can ignore this message."
echo " "
echo " You are advised to check for temporary files after program completion."
echo " ------------------------------------------------------------------------------"
echo ""
echo " ${YELLOW}Note: ${WHITE}Cancelling the program can leave temporary files behind${NORMAL}"
echo ""
printf "%s" "
${WARNING}Warning${NORMAL}: ${WHITE}PID file exists, probably another Lynis process is running.${NORMAL}
------------------------------------------------------------------------------
If you are unsure another Lynis process is running currently, you are advised
to stop current process and check the process list first. If you cancelled
(by using CTRL+C) a previous instance, you can ignore this message.
You are advised to check for temporary files after program completion.
------------------------------------------------------------------------------
${YELLOW}Note: ${WHITE}Cancelling the program can leave temporary files behind${NORMAL}
"
wait_for_keypress
# Deleting any stale PID files that might exist. Note: Display function does not work yet at this point
@ -371,46 +377,47 @@
#
# Bail out if we didn't get any parameter, or incorrect ones
if [ ${PARAMCOUNT} -eq 0 -o ${WRONGOPTION} -eq 1 -o ${VIEWHELP} -eq 1 ]; then
echo ""
echo " Usage: lynis ${WHITE}[options] ${CYAN}mode${NORMAL}"
echo ""
echo ""
echo " ${CYAN}Mode:${NORMAL}"
echo ""
echo " ${GREEN}audit${NORMAL}"
echo " audit system : Perform security scan"
echo " audit dockerfile <file> : Analyze Dockerfile"
echo ""
echo " ${GREEN}update${NORMAL}"
echo " update info : Show update details"
echo " update release : Update Lynis release"
echo ""
echo ""
echo " ${WHITE}Scan options:${NORMAL}"
echo " --auditor \"<name>\" : Auditor name"
echo " --dump-options : See all available options"
echo " --no-log : Don't create a log file"
echo " --pentest : Non-privileged scan (useful for pentest)"
echo " --profile <profile> : Scan the system with the given profile file"
echo " --quick (-Q) : Quick mode, don't wait for user input"
echo " --tests \"<tests>\" : Run only tests defined by <tests>"
echo " --tests-category \"<category>\" : Run only tests defined by <category>"
echo ""
echo " ${WHITE}Layout options:${NORMAL}"
echo " --no-colors : Don't use colors in output"
echo " --quiet (-q) : No output, except warnings"
echo " --reverse-colors : Optimize color display for light backgrounds"
echo ""
echo " ${WHITE}Misc options:${NORMAL}"
echo " --debug : Debug logging to screen"
echo " --view-manpage (--man) : View man page"
echo " --version (-V) : Display version number and quit"
echo ""
echo " ${WHITE}Enterprise options:${NORMAL}"
echo " --plugin-dir \"<path>\" : Define path of available plugins"
echo " --upload : Upload data to central node"
echo ""
echo ""
printf "%s" "
Usage: lynis ${WHITE}[options] ${CYAN}mode${NORMAL}
${CYAN}Mode:${NORMAL}
${GREEN}audit${NORMAL}
audit system : Perform security scan
audit dockerfile <file> : Analyze Dockerfile
${GREEN}update${NORMAL}
update info : Show update details
update release : Update Lynis release
${WHITE}Scan options:${NORMAL}
--auditor \"<name>\" : Auditor name
--dump-options : See all available options
--no-log : Don't create a log file
--pentest : Non-privileged scan (useful for pentest)
--profile <profile> : Scan the system with the given profile file
--quick (-Q) : Quick mode, don't wait for user input
--tests \"<tests>\" : Run only tests defined by <tests>
--tests-category \"<category>\" : Run only tests defined by <category>
${WHITE}Layout options:${NORMAL}
--no-colors : Don't use colors in output
--quiet (-q) : No output, except warnings
--reverse-colors : Optimize color display for light backgrounds
${WHITE}Misc options:${NORMAL}
--debug : Debug logging to screen
--view-manpage (--man) : View man page
--version (-V) : Display version number and quit
${WHITE}Enterprise options:${NORMAL}
--plugin-dir \"<path>\" : Define path of available plugins
--upload : Upload data to central node
"
if [ ${WRONGOPTION} -eq 1 ]; then
echo " ${RED}Error${NORMAL}: ${WHITE}Invalid option '${WRONGOPTION_value}'${NORMAL}"
@ -431,28 +438,32 @@
#################################################################################
#
if [ ${PRIVILEGED} -eq 0 ]; then
echo "${WHITE}"
echo " ###################################################################"
echo " # #"
echo " # ${PURPLE}NON-PRIVILEGED SCAN MODE${WHITE} #"
echo " # #"
echo " ###################################################################"
echo "${NORMAL}"
echo " ${YELLOW}NOTES:${NORMAL}"
echo " --------------"
echo " ${WHITE}*${NORMAL} Some tests will be skipped (as they require root permissions)"
echo " ${WHITE}*${NORMAL} Some tests might fail silently or give different results"
echo ""
printf "%s" "
${WHITE}
###################################################################
# #
# ${PURPLE}NON-PRIVILEGED SCAN MODE${WHITE} #
# #
###################################################################
${NORMAL}
${YELLOW}NOTES:${NORMAL}
--------------
${WHITE}*${NORMAL} Some tests will be skipped (as they require root permissions)
${WHITE}*${NORMAL} Some tests might fail silently or give different results
"
if [ "${LOGFILE}" = "" -o "${LOGFILE}" = "/dev/null" ]; then
echo " ${RED}WARNING:${NORMAL}"
echo " ${WHITE}*${NORMAL} No suggestions or warnings will be displayed in report (due to missing log file)"
echo ""
printf "%s" "
${RED}WARNING:${NORMAL}
${WHITE}*${NORMAL} No suggestions or warnings will be displayed in report (due to missing log file)
"
fi
echo ""
echo " ${WHITE}Press [ENTER] to continue or [CTRL] + C to break${NORMAL}"
echo ""
echo " ###################################################################"
echo "${NORMAL}"; echo ""
printf "%s" "
${WHITE}Press [ENTER] to continue or [CTRL] + C to break${NORMAL}
###################################################################
${NORMAL}
"
if [ ${QUICKMODE} -eq 0 ]; then read void; fi
fi
#
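Review bot: In the security-check hunk (`@ -134,37 +134,39 @`), the rewritten "[X] Security check failed" message is still followed by a bare `read DUMMY`, so the check fails open when stdin is not a terminal. On EOF `read` returns non-zero, nothing tests that status, and the script goes on to source `${INCLUDEDIR}/consts` from a directory that has just failed the ownership test. Unless errexit is enabled somewhere outside this view, a run from cron or with stdin redirected would pass the prompt without any confirmation. I would make the prompt fail closed with `read DUMMY || exit 1` and quote the sourced path as `. "${INCLUDEDIR}/consts"`. The code that sets `ISSUE` and `SHOWPERMERROR` starts above the hunk, so the check itself is not visible here.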