Added ShowComplianceFinding function to display any non-compliance with security standards

2015-10-01 13:16:27 +02:00 · 2015-10-01 13:16:27 +02:00 · 2b5c63bff9
parent 55ee1e90bc
commit 2b5c63bff9
1 changed files with 78 additions and 0 deletions
--- a/include/functions
+++ b/include/functions
@ -50,6 +50,7 @@
 #    Register                   Register a test (for logging and execution)
 #    SafePerms                  Check if a directory has safe permissions
 #    SearchItem                 Search a string in a file
+#    ShowComplianceFinding      Display a particular finding regarding compliance or a security standard
 #    ShowSymlinkPath            Show a path behind a symlink
 #    ViewCategories             Display tests categories
 #    logtext                    Log text strings to logfile, prefixed with date/time
@ -1412,6 +1413,83 @@
      }


+    ################################################################################
+    # Name        : ShowComplianceFinding()
+    # Description : Display a section of a compliance standard which is not fulfilled
+    # Parameters  : <misc>
+    # Returns     : Nothing
+    ################################################################################
+
+    ShowComplianceFinding()
+      {
+        REASON=""
+        STANDARD_NAME=""
+        STANDARD_VERSION=""
+        STANDARD_SECTION=""
+        STANDARD_SECTION_TITLE=""
+        ACTUAL_VALUE=""
+        EXPECTED_VALUE=""
+        while [ $# -ge 1 ]; do
+            case $1 in
+                --standard)
+                    shift
+                    STANDARD_NAME=$1
+                ;;
+                --version)
+                    shift
+                    STANDARD_VERSION=$1
+                ;;
+                --section)
+                    shift
+                    STANDARD_SECTION=$1
+                ;;
+                --section-title)
+                    shift
+                    STANDARD_SECTION_TITLE=$1
+                ;;
+                --reason)
+                    shift
+                    REASON=$1
+                ;;
+                --actual)
+                    shift
+                    ACTUAL_VALUE=$1
+                ;;
+                --expected)
+                    shift
+                    EXPECTED_VALUE=$1
+                ;;
+
+                *)
+                    echo "INVALID OPTION (ShowComplianceFinding): $1"
+                    exit 1
+                ;;
+            esac
+            # Go to next parameter
+            shift
+        done
+        # Should we show this non-compliance on screen?
+        SHOW=0
+        case ${STANDARD_NAME} in
+            hipaa)
+                if [ ${COMPLIANCE_HIPAA} -eq 1 ]; then SHOW=1; fi
+            ;;
+            iso27001)
+                if [ ${COMPLIANCE_ISO27001} -eq 1 ]; then SHOW=1; fi
+            ;;
+            pci-dss)
+                if [ ${COMPLIANCE_PCI_DSS} -eq 1 ]; then SHOW=1; fi
+            ;;
+        esac
+        # Only display if standard is enabled in the profile
+        if [ ${SHOW} -eq 1 ]; then
+            Display --indent 2 --text "[${WHITE}${STANDARD_NAME} ${STANDARD_VERSION}${NORMAL}] ${STANDARD_SECTION} ${STANDARD_SECTION_TITLE}"
+            Display --indent 2 --text "Details: ${REASON}"
+            Display --indent 2 --text "Values:  ${RED}${ACTUAL_VALUE}${NORMAL} / ${WHITE}${EXPECTED_VALUE}${NORMAL}"
+        fi
+      }
+
+
    ################################################################################
    # Name        : ShowSymlinkPath()
    # Description : Check if we can find the path behind a symlink