tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-30 17:24:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

Replace repetitive echo commands with single printf statement

Browse Source 
* Format includedir conditional

Signed-off-by: Daniel Andrei Minca <mandrei17@gmail.com>

* Clean echos from security check message

Signed-off-by: Daniel Andrei Minca <mandrei17@gmail.com>

* Clean echos from Beta disclaimer

Signed-off-by: Daniel Andrei Minca <mandrei17@gmail.com>

* Clean echos from 2 instances of Lynis conditional

Signed-off-by: Daniel Andrei Minca <mandrei17@gmail.com>

* Format the 'Bail out if no param' condtitional

Signed-off-by: Daniel Andrei Minca <mandrei17@gmail.com>

* Format the 'non-priviledged scan mode' message

Signed-off-by: Daniel Andrei Minca <mandrei17@gmail.com>
This commit is contained in:
Mincă Daniel Andrei 2016-04-04 14:18:35 +03:00 committed by Michael Boelen
parent 95944c0035
commit 287a0e72a5
1 changed files with 135 additions and 124 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

259
lynis
View File

@ -69,10 +69,10 @@
for I in ${tINCLUDE_TARGETS}; do if [ -d ${I} ]; then INCLUDEDIR=${I}; fi; done for I in ${tINCLUDE_TARGETS}; do if [ -d ${I} ]; then INCLUDEDIR=${I}; fi; done
# Drop out if our include directory can't be found # Drop out if our include directory can't be found
if [ "${INCLUDEDIR}" = "" ]; then if [ "${INCLUDEDIR}" = "" ]; then
echo "Fatal error: can't find include directory" printf "%s" "
echo "Make sure to execute ${PROGRAM_name} from untarred directory or check your installation." Fatal error: can't find include directory
Make sure to execute ${PROGRAM_name} from untarred directory or check your installation."
exit 1 exit 1
fi fi
@ -134,37 +134,39 @@
fi fi
fi fi
if [ ${SHOWPERMERROR} -eq 1 ]; then if [ ${SHOWPERMERROR} -eq 1 ]; then
echo "" printf "%s" "
echo "[!] Change ownership of ${INCLUDEDIR}/${FILE} to 'root' or similar (found: ${OWNER} with UID ${OWNERID})."
echo "" [!] Change ownership of ${INCLUDEDIR}/${FILE} to 'root' or similar (found: ${OWNER} with UID ${OWNERID}).
echo " Command:"
echo " # chown 0:0 ${INCLUDEDIR}/${FILE}" Command:
echo "" # chown 0:0 ${INCLUDEDIR}/${FILE}
"
fi fi
# Now if there is an issue with permissions, show it to the user and let them decide how to continue. # Now if there is an issue with permissions, show it to the user and let them decide how to continue.
if [ ${ISSUE} -eq 1 ]; then if [ ${ISSUE} -eq 1 ]; then
echo "" printf "%s" "
echo "[X] Security check failed" [X] Security check failed
echo ""
echo " Why do I see this error?" Why do I see this error?
echo " -------------------------------" -------------------------------
echo " This is a protection mechanism to prevent the root user from executing user created files. The files may be altered, or including malicious pieces of script." This is a protection mechanism to prevent the root user from executing user created files. The files may be altered, or including malicious pieces of script.
echo ""; echo ""
echo " What can I do?" What can I do?
echo " ---------------------" ---------------------
echo " Option 1) Check if a trusted user created the files (e.g. due to using Git, Homebrew or similar)." Option 1) Check if a trusted user created the files (e.g. due to using Git, Homebrew or similar).
echo " If you trust these files, you can decide to continue this run by pressing ENTER." If you trust these files, you can decide to continue this run by pressing ENTER.
echo ""
echo " Option 2) Change ownership and permissions of the related files (or full directory)." Option 2) Change ownership and permissions of the related files (or full directory).
echo ""
echo " Commands (full directory):" Commands (full directory):
echo " # cd .." # cd ..
echo " # chown -R 0:0 lynis" # chown -R 0:0 lynis
echo " # cd lynis" # cd lynis
echo " ./lynis audit system" ./lynis audit system
echo ""; echo "";
echo "[ Press ENTER to continue, or CTRL+C to cancel ]"
[ Press ENTER to continue, or CTRL+C to cancel ]"
read DUMMY read DUMMY
fi fi
. ${INCLUDEDIR}/consts . ${INCLUDEDIR}/consts
@ -255,31 +257,34 @@
# #
if [ ${QUIET} -eq 0 ]; then if [ ${QUIET} -eq 0 ]; then
echo "" printf "%s" "
echo "${WHITE}[ ${PROGRAM_name} ${PROGRAM_version} ]${NORMAL}"
echo "" ${WHITE}[ ${PROGRAM_name} ${PROGRAM_version} ]${NORMAL}
echo "################################################################################"
echo " ${PROGRAM_license}" ################################################################################
echo "" ${PROGRAM_license}
echo " ${PROGRAM_copyright}"
echo " ${PROGRAM_extrainfo}" ${PROGRAM_copyright}
echo "################################################################################" ${PROGRAM_extrainfo}
################################################################################"
fi fi
if [ "${PROGRAM_releasetype}" = "beta" ]; then if [ "${PROGRAM_releasetype}" = "beta" ]; then
echo "${WHITE}" printf "%s" "
echo " #########################################################" ${WHITE}
echo " # ${YELLOW}BETA VERSION${WHITE} #" #########################################################
echo " #########################################################" # ${YELLOW}BETA VERSION${WHITE} #
echo "" #########################################################
echo " Thank you for testing a beta release. Make sure to read"
echo " all available documentation before proceeding and/or" Thank you for testing a beta release. Make sure to read
echo " requesting support. Due the nature of beta releases, it" all available documentation before proceeding and/or
echo " is possible new features give unexpected warnings." requesting support. Due the nature of beta releases, it
echo "" is possible new features give unexpected warnings.
echo ""
echo " #########################################################"
echo "${NORMAL}"; echo "" #########################################################
${NORMAL}
"
fi fi
# #
################################################################################# #################################################################################
@ -332,18 +337,19 @@
# Check if there is already a PID file in any of the locations (incorrect termination of previous instance) # Check if there is already a PID file in any of the locations (incorrect termination of previous instance)
if [ -f "${MYHOMEDIR}/lynis.pid" -o -f "./lynis.pid" -o -f "/var/run/lynis.pid" ]; then if [ -f "${MYHOMEDIR}/lynis.pid" -o -f "./lynis.pid" -o -f "/var/run/lynis.pid" ]; then
echo "" printf "%s" "
echo " ${WARNING}Warning${NORMAL}: ${WHITE}PID file exists, probably another Lynis process is running.${NORMAL}"
echo " ------------------------------------------------------------------------------" ${WARNING}Warning${NORMAL}: ${WHITE}PID file exists, probably another Lynis process is running.${NORMAL}
echo " If you are unsure another Lynis process is running currently, you are advised " ------------------------------------------------------------------------------
echo " to stop current process and check the process list first. If you cancelled" If you are unsure another Lynis process is running currently, you are advised
echo " (by using CTRL+C) a previous instance, you can ignore this message." to stop current process and check the process list first. If you cancelled
echo " " (by using CTRL+C) a previous instance, you can ignore this message.
echo " You are advised to check for temporary files after program completion."
echo " ------------------------------------------------------------------------------" You are advised to check for temporary files after program completion.
echo "" ------------------------------------------------------------------------------
echo " ${YELLOW}Note: ${WHITE}Cancelling the program can leave temporary files behind${NORMAL}"
echo "" ${YELLOW}Note: ${WHITE}Cancelling the program can leave temporary files behind${NORMAL}
"
wait_for_keypress wait_for_keypress
# Deleting any stale PID files that might exist. Note: Display function does not work yet at this point # Deleting any stale PID files that might exist. Note: Display function does not work yet at this point
@ -371,46 +377,47 @@
# #
# Bail out if we didn't get any parameter, or incorrect ones # Bail out if we didn't get any parameter, or incorrect ones
if [ ${PARAMCOUNT} -eq 0 -o ${WRONGOPTION} -eq 1 -o ${VIEWHELP} -eq 1 ]; then if [ ${PARAMCOUNT} -eq 0 -o ${WRONGOPTION} -eq 1 -o ${VIEWHELP} -eq 1 ]; then
echo "" printf "%s" "
echo " Usage: lynis ${WHITE}[options] ${CYAN}mode${NORMAL}"
echo "" Usage: lynis ${WHITE}[options] ${CYAN}mode${NORMAL}
echo ""
echo " ${CYAN}Mode:${NORMAL}"
echo "" ${CYAN}Mode:${NORMAL}
echo " ${GREEN}audit${NORMAL}"
echo " audit system : Perform security scan" ${GREEN}audit${NORMAL}
echo " audit dockerfile <file> : Analyze Dockerfile" audit system : Perform security scan
echo "" audit dockerfile <file> : Analyze Dockerfile
echo " ${GREEN}update${NORMAL}"
echo " update info : Show update details" ${GREEN}update${NORMAL}
echo " update release : Update Lynis release" update info : Show update details
echo "" update release : Update Lynis release
echo ""
echo " ${WHITE}Scan options:${NORMAL}"
echo " --auditor \"<name>\" : Auditor name" ${WHITE}Scan options:${NORMAL}
echo " --dump-options : See all available options" --auditor \"<name>\" : Auditor name
echo " --no-log : Don't create a log file" --dump-options : See all available options
echo " --pentest : Non-privileged scan (useful for pentest)" --no-log : Don't create a log file
echo " --profile <profile> : Scan the system with the given profile file" --pentest : Non-privileged scan (useful for pentest)
echo " --quick (-Q) : Quick mode, don't wait for user input" --profile <profile> : Scan the system with the given profile file
echo " --tests \"<tests>\" : Run only tests defined by <tests>" --quick (-Q) : Quick mode, don't wait for user input
echo " --tests-category \"<category>\" : Run only tests defined by <category>" --tests \"<tests>\" : Run only tests defined by <tests>
echo "" --tests-category \"<category>\" : Run only tests defined by <category>
echo " ${WHITE}Layout options:${NORMAL}"
echo " --no-colors : Don't use colors in output" ${WHITE}Layout options:${NORMAL}
echo " --quiet (-q) : No output, except warnings" --no-colors : Don't use colors in output
echo " --reverse-colors : Optimize color display for light backgrounds" --quiet (-q) : No output, except warnings
echo "" --reverse-colors : Optimize color display for light backgrounds
echo " ${WHITE}Misc options:${NORMAL}"
echo " --debug : Debug logging to screen" ${WHITE}Misc options:${NORMAL}
echo " --view-manpage (--man) : View man page" --debug : Debug logging to screen
echo " --version (-V) : Display version number and quit" --view-manpage (--man) : View man page
echo "" --version (-V) : Display version number and quit
echo " ${WHITE}Enterprise options:${NORMAL}"
echo " --plugin-dir \"<path>\" : Define path of available plugins" ${WHITE}Enterprise options:${NORMAL}
echo " --upload : Upload data to central node" --plugin-dir \"<path>\" : Define path of available plugins
echo "" --upload : Upload data to central node
echo ""
"
if [ ${WRONGOPTION} -eq 1 ]; then if [ ${WRONGOPTION} -eq 1 ]; then
echo " ${RED}Error${NORMAL}: ${WHITE}Invalid option '${WRONGOPTION_value}'${NORMAL}" echo " ${RED}Error${NORMAL}: ${WHITE}Invalid option '${WRONGOPTION_value}'${NORMAL}"
@ -431,28 +438,32 @@
################################################################################# #################################################################################
# #
if [ ${PRIVILEGED} -eq 0 ]; then if [ ${PRIVILEGED} -eq 0 ]; then
echo "${WHITE}" printf "%s" "
echo " ###################################################################" ${WHITE}
echo " # #" ###################################################################
echo " # ${PURPLE}NON-PRIVILEGED SCAN MODE${WHITE} #" # #
echo " # #" # ${PURPLE}NON-PRIVILEGED SCAN MODE${WHITE} #
echo " ###################################################################" # #
echo "${NORMAL}" ###################################################################
echo " ${YELLOW}NOTES:${NORMAL}" ${NORMAL}
echo " --------------" ${YELLOW}NOTES:${NORMAL}
echo " ${WHITE}*${NORMAL} Some tests will be skipped (as they require root permissions)" --------------
echo " ${WHITE}*${NORMAL} Some tests might fail silently or give different results" ${WHITE}*${NORMAL} Some tests will be skipped (as they require root permissions)
echo "" ${WHITE}*${NORMAL} Some tests might fail silently or give different results
"
if [ "${LOGFILE}" = "" -o "${LOGFILE}" = "/dev/null" ]; then if [ "${LOGFILE}" = "" -o "${LOGFILE}" = "/dev/null" ]; then
echo " ${RED}WARNING:${NORMAL}" printf "%s" "
echo " ${WHITE}*${NORMAL} No suggestions or warnings will be displayed in report (due to missing log file)" ${RED}WARNING:${NORMAL}
echo "" ${WHITE}*${NORMAL} No suggestions or warnings will be displayed in report (due to missing log file)
"
fi fi
echo "" printf "%s" "
echo " ${WHITE}Press [ENTER] to continue or [CTRL] + C to break${NORMAL}"
echo "" ${WHITE}Press [ENTER] to continue or [CTRL] + C to break${NORMAL}
echo " ###################################################################"
echo "${NORMAL}"; echo "" ###################################################################
${NORMAL}
"
if [ ${QUICKMODE} -eq 0 ]; then read void; fi if [ ${QUICKMODE} -eq 0 ]; then read void; fi
fi fi
# #