diff --git a/lynis b/lynis index 86a8ddad..95289939 100755 --- a/lynis +++ b/lynis @@ -490,22 +490,22 @@ ${NORMAL} exit 1 fi logtextbreak - logtext "### ${PROGRAM_COPYRIGHT} ###" + LogText "### ${PROGRAM_COPYRIGHT} ###" # Clear report file (to avoid appending to an existing file) echo "# ${PROGRAM_NAME} Report" > ${REPORTFILE} - report "report_version_major=${REPORT_version_major}" - report "report_version_minor=${REPORT_version_minor}" + Report "report_version_major=${REPORT_version_major}" + Report "report_version_minor=${REPORT_version_minor}" CDATE=`date "+%F %H:%M:%S"` - report "report_datetime_start=${CDATE}" - report "auditor=${AUDITORNAME}" - report "lynis_version=${PROGRAM_VERSION}" - report "os=${OS}" - report "os_name=${OS_NAME}" - report "os_fullname=${OS_FULLNAME}" - report "os_version=${OS_VERSION}" - if [ "${OS}" = "Linux" ]; then report "linux_version=${LINUX_VERSION}"; fi - report "hostname=${HOSTNAME}" + Report "report_datetime_start=${CDATE}" + Report "auditor=${AUDITORNAME}" + Report "lynis_version=${PROGRAM_VERSION}" + Report "os=${OS}" + Report "os_name=${OS_NAME}" + Report "os_fullname=${OS_FULLNAME}" + Report "os_version=${OS_VERSION}" + if [ "${OS}" = "Linux" ]; then Report "linux_version=${LINUX_VERSION}"; fi + Report "hostname=${HOSTNAME}" if [ "${HOSTNAME}" = "" ]; then HOSTNAME="no-hostname" @@ -530,7 +530,7 @@ ${NORMAL} # # Plugin directory test if [ "${PLUGINDIR}" = "" ]; then - #logtext "Result: Searching for plugindir" + #LogText "Result: Searching for plugindir" tPLUGIN_TARGETS="/usr/local/lynis/plugins /usr/local/share/lynis/plugins /usr/share/lynis/plugins /etc/lynis/plugins ./plugins" for I in ${tPLUGIN_TARGETS}; do if [ -d ${I} ]; then 
@@ -575,31 +575,31 @@ ${NORMAL} echo " ---------------------------------------------------" fi - logtext "Program version: ${PROGRAM_VERSION}" - logtext "Operating system: ${OS}" - logtext "Operating system name: ${OS_NAME}" - logtext "Operating system version: ${OS_VERSION}" - if [ ! "${OS_MODE}" = "" ]; then logtext "Operating system mode: ${OS_MODE}"; fi - logtext "Kernel version: ${OS_KERNELVERSION}" + LogText "Program version: ${PROGRAM_VERSION}" + LogText "Operating system: ${OS}" + LogText "Operating system name: ${OS_NAME}" + LogText "Operating system version: ${OS_VERSION}" + if [ ! "${OS_MODE}" = "" ]; then LogText "Operating system mode: ${OS_MODE}"; fi + LogText "Kernel version: ${OS_KERNELVERSION}" if [ ! "${OS_KERNELVERSION_FULL}" = "" ]; then - logtext "Kernel version (full): ${OS_KERNELVERSION_FULL}" + LogText "Kernel version (full): ${OS_KERNELVERSION_FULL}" fi - logtext "Hardware platform: ${HARDWARE}" - logtext "-----------------------------------------------------" - logtext "Hostname: ${HOSTNAME}" - logtext "Auditor: ${AUDITORNAME}" - logtext "Profiles: ${PROFILES}" - logtext "Work directory: ${WORKDIR}" - logtext "Include directory: ${INCLUDEDIR}" - logtext "Plugin directory: ${PLUGINDIR}" - logtext "-----------------------------------------------------" - logtext "Log file: ${LOGFILE}" - logtext "Report file: ${REPORTFILE}" - logtext "Report version: ${REPORT_version}" - logtext "-----------------------------------------------------" - logtext "BusyBox used: ${SHELL_IS_BUSYBOX}" + LogText "Hardware platform: ${HARDWARE}" + LogText "-----------------------------------------------------" + LogText "Hostname: ${HOSTNAME}" + LogText "Auditor: ${AUDITORNAME}" + LogText "Profiles: ${PROFILES}" + LogText "Work directory: ${WORKDIR}" + LogText "Include directory: ${INCLUDEDIR}" + LogText "Plugin directory: ${PLUGINDIR}" + LogText "-----------------------------------------------------" + LogText "Log file: ${LOGFILE}" + LogText "Report file: 
${REPORTFILE}" + LogText "Report version: ${REPORT_version}" + LogText "-----------------------------------------------------" + LogText "BusyBox used: ${SHELL_IS_BUSYBOX}" - report "plugin_directory=${PLUGINDIR}" + Report "plugin_directory=${PLUGINDIR}" logtextbreak # 
@@ -609,49 +609,49 @@ ${NORMAL} # ################################################################################# # - logtext "Test: Checking for program update..." + LogText "Test: Checking for program update..." UPDATE_AVAILABLE=0 if [ ${SKIP_UPGRADE_TEST} -eq 1 ]; then - logtext "Upgrade test skipped due profile option set (skip_upgrade_test)" + LogText "Upgrade test skipped due profile option set (skip_upgrade_test)" PROGRAM_LV="${PROGRAM_AC}" else CheckUpdates fi if [ "${PROGRAM_AC}" = "" -o "${PROGRAM_LV}" = "" ]; then Display --indent 2 --text "- Program update status... " --result UNKNOWN --color YELLOW - logtext "Result: Update check failed. No network connection?" - logtext "Info: to perform an automatic update check, outbound DNS connections should be allowed (TXT record)." + LogText "Result: Update check failed. No network connection?" + LogText "Info: to perform an automatic update check, outbound DNS connections should be allowed (TXT record)." # Set both to safe values PROGRAM_AC=0; PROGRAM_LV=0 else - logtext "Current installed version : ${PROGRAM_AC}" - logtext "Latest stable version : ${PROGRAM_LV}" + LogText "Current installed version : ${PROGRAM_AC}" + LogText "Latest stable version : ${PROGRAM_LV}" if [ ${PROGRAM_LV} -gt ${PROGRAM_AC} ]; then # Check if current version is REALLY outdated (10 versions ago) PROGRAM_MINVERSION=`expr ${PROGRAM_LV} - 10` - logtext "Minimum required version : ${PROGRAM_MINVERSION}" + LogText "Minimum required version : ${PROGRAM_MINVERSION}" if [ ${PROGRAM_MINVERSION} -gt ${PROGRAM_AC} ]; then Display --indent 2 --text "- Program update status... " --result "WARNING" --color RED - logtext "Result: This version is VERY outdated. Newer ${PROGRAM_NAME} release available!" + LogText "Result: This version is VERY outdated. Newer ${PROGRAM_NAME} release available!" 
ReportWarning "LYNIS" "Version of Lynis is very old and should be updated" - report "lynis_update_available=1" + Report "lynis_update_available=1" UPDATE_AVAILABLE=1 else Display --indent 2 --text "- Program update status... " --result "UPDATE AVAILABLE" --color YELLOW - logtext "Result: newer ${PROGRAM_NAME} release available!" + LogText "Result: newer ${PROGRAM_NAME} release available!" ReportSuggestion "LYNIS" "Version of Lynis outdated, consider upgrading to the latest version" - report "lynis_update_available=1" + Report "lynis_update_available=1" UPDATE_AVAILABLE=1 fi else if [ ${UPDATE_CHECK_SKIPPED} -eq 0 ]; then Display --indent 2 --text "- Program update status... " --result "NO UPDATE" --color GREEN - logtext "No ${PROGRAM_NAME} update available." - report "lynis_update_available=0" + LogText "No ${PROGRAM_NAME} update available." + Report "lynis_update_available=0" else Display --indent 2 --text "- Program update status... " --result "SKIPPED" --color YELLOW - logtext "Update check skipped due to constraints (e.g. missing dig binary)" - report "lynis_update_available=-1" + LogText "Update check skipped due to constraints (e.g. missing dig binary)" + Report "lynis_update_available=-1" fi fi fi @@ -754,13 +754,13 @@ ${NORMAL} if [ ${PLUGIN_PHASE} -eq 1 ]; then Display --text "Note: plugins have more extensive tests, which may take a few minutes to complete" Display --text " " - logtext "Searching plugins..." + LogText "Searching plugins..." fi # Search plugins FIND_PLUGINS=`find ${PLUGINDIR} -type f -name "plugin_[a-z]*" -exec echo \{\} \; | sort` for PLUGIN_FILE in ${FIND_PLUGINS}; do - logtext "Found plugin file: ${PLUGIN_FILE}" + LogText "Found plugin file: ${PLUGIN_FILE}" # Double check if output is a valid file name if [ -f ${PLUGIN_FILE} ]; then FIND2=`grep "^# PLUGIN_NAME=" ${PLUGIN_FILE} | awk -F= '{ print $2 }'` 
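Review bot: `PROGRAM_LV` is used in `if [ ${PROGRAM_LV} -gt ${PROGRAM_AC} ]` and in the `expr ${PROGRAM_LV} - 10` line of this hunk without any check that it is numeric. The log text here says the update check depends on an outbound DNS TXT lookup, so the value is presumably remote data set by `CheckUpdates`, which is not visible in this diff. A non-numeric or multi-word value makes `[` fail, and the script then falls into the `else` branch and can record `lynis_update_available=0` for a lookup that returned garbage. I would reject anything that is not all digits right after the `CheckUpdates` call, for example `case "${PROGRAM_LV}" in ""|*[!0-9]*) PROGRAM_LV="" ;; esac`, so the existing UNKNOWN branch handles it.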
@@ -769,15 +769,15 @@ ${NORMAL} # Check if the plugin is enabled in any of the profiles PLUGIN_ENABLED_STATE=0 for PROFILE in ${PROFILES}; do - logtext "Action: checking plugin status in profile: ${PROFILE}" + LogText "Action: checking plugin status in profile: ${PROFILE}" FIND3=`grep "^plugin=${FIND2}" ${PROFILE}` if [ ! "${FIND3}" = "" ]; then - logtext "Result: plugin enabled in profile (${PROFILE})" + LogText "Result: plugin enabled in profile (${PROFILE})" PLUGIN_ENABLED_STATE=1 fi done if [ ${PLUGIN_ENABLED_STATE} -eq 1 ]; then - logtext "Result: plugin ${FIND2} is enabled" + LogText "Result: plugin ${FIND2} is enabled" # Plugins should have at least a _phase1 part, _phase2 is optional at this moment PLUGINFILE="${PLUGINDIR}/plugin_${FIND2}_phase${PLUGIN_PHASE}" if [ -f ${PLUGINFILE} ]; then 
@@ -785,40 +785,40 @@ ${NORMAL} PLUGIN_VERSION_NODOTS=`echo ${PLUGIN_VERSION} | sed 's/.//g'` FIND4=`ls -l ${PLUGINFILE} | cut -c 2-10` if [ "${FIND4}" = "rw-r--r--" -o "${FIND4}" = "rw-r-----" -o "${FIND4}" = "rw-------" -o "${FIND4}" = "r--------" ]; then - logtext "Including plugin file: ${PLUGINFILE} (version: ${PLUGIN_VERSION})" - report "plugin_enabled_phase${PLUGIN_PHASE}[]=${FIND2}|${PLUGIN_VERSION}|" + LogText "Including plugin file: ${PLUGINFILE} (version: ${PLUGIN_VERSION})" + Report "plugin_enabled_phase${PLUGIN_PHASE}[]=${FIND2}|${PLUGIN_VERSION}|" if [ ${PLUGIN_PHASE} -eq 1 ]; then N_PLUGIN_ENABLED=`expr ${N_PLUGIN_ENABLED} + 1`; fi Display --indent 2 --text "- ${CYAN}Plugin${NORMAL}: ${WHITE}${FIND2}${NORMAL}" if [ ${PLUGIN_PHASE} -eq 1 ]; then Progress " ["; fi . ${PLUGINFILE} if [ ${PLUGIN_PHASE} -eq 1 ]; then Progress "]"; Progress --finish; fi logtextbreak - logtext "Result: ${FIND2} plugin (phase ${PLUGIN_PHASE}) finished" + LogText "Result: ${FIND2} plugin (phase ${PLUGIN_PHASE}) finished" else - logtext "Plugin ${FIND2}: Skipped (bad file permissions, should be 640, 600 or 400)" + LogText "Plugin ${FIND2}: Skipped (bad file permissions, should be 640, 600 or 400)" fi else - logtext "Plugin ${FIND2}: Skipped (can't find file ${PLUGINFILE})" + LogText "Plugin ${FIND2}: Skipped (can't find file ${PLUGINFILE})" fi else - logtext "Plugin ${FIND2}: Skipped (not enabled)" + LogText "Plugin ${FIND2}: Skipped (not enabled)" fi else - logtext "Skipping plugin file ${PLUGIN_FILE} (no valid plugin name found)" + LogText "Skipping plugin file ${PLUGIN_FILE} (no valid plugin name found)" fi fi - logtext "--" + LogText "--" done - logtext "Result: Found ${N_PLUGIN} plugins of which ${N_PLUGIN_ENABLED} are enabled" - logtext "Result: Plugins ${PLUGIN_PHASE} finished" + LogText "Result: Found ${N_PLUGIN} plugins of which ${N_PLUGIN_ENABLED} are enabled" + LogText "Result: Plugins ${PLUGIN_PHASE} finished" } RunPlugins 1 if [ ${N_PLUGIN_ENABLED} -eq 0 ]; then 
Display --indent 2 --text "- Plugins enabled " --result "NONE" --color WHITE - report "plugins_enabled=0" + Report "plugins_enabled=0" else - report "plugins_enabled=1" + Report "plugins_enabled=1" fi fi # @@ -829,16 +829,16 @@ ${NORMAL} GetHostID # Check if result is not empty (no blank, or hash of blank value, or minus, or zeros) if [ ! "${HOSTID}" = "-" -a ! "${HOSTID}" = "" -a ! "${HOSTID}" = "adc83b19e793491b1c6ea0fd8b46cd9f32e592fc" -a ! "${HOSTID}" = "6ef1338f520d075957424741d7ed35ab5966ae97" ]; then - logtext "Info: found valid HostID ${HOSTID}" - report "hostid=${HOSTID}" + LogText "Info: found valid HostID ${HOSTID}" + Report "hostid=${HOSTID}" else - logtext "Info: no HostID found or invalid one" + LogText "Info: no HostID found or invalid one" fi if [ ! "${MACHINEID}" = "" ]; then - logtext "Info: found a machine ID ${MACHINEID}" - report "machineid=${MACHINEID}" + LogText "Info: found a machine ID ${MACHINEID}" + Report "machineid=${MACHINEID}" else - logtext "Info: no machine ID found" + LogText "Info: no machine ID found" fi # ################################################################################# @@ -849,7 +849,7 @@ ${NORMAL} logtextbreak # Test sections if [ "${TESTS_CATEGORY_TO_PERFORM}" = "" ]; then - logtext "Info: perform tests from all categories" + LogText "Info: perform tests from all categories" INCLUDE_TESTS="boot_services kernel memory_processes authentication shells \ filesystems storage storage_nfs nameservices ports_packages networking printers_spools \ @@ -859,7 +859,7 @@ ${NORMAL} kernel_hardening hardening" else INCLUDE_TESTS="${TESTS_CATEGORY_TO_PERFORM}" - logtext "Info: only performing tests from categories: ${TESTS_CATEGORY_TO_PERFORM}" + LogText "Info: only performing tests from categories: ${TESTS_CATEGORY_TO_PERFORM}" fi # Include available tests 
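Review bot: The skip message `should be 640, 600 or 400` does not match the test above it, which also accepts `rw-r--r--` (644), so the log describes a stricter policy than the one enforced. Either drop `rw-r--r--` from the condition or change the text to `should be 644, 640, 600 or 400`; the same wording is repeated in the @@ -871 and @@ -890 hunks. The check also looks only at mode bits from `ls -l ${PLUGINFILE} | cut -c 2-10`, and unlike the `tests_custom` and helper paths no `SafePerms` call is visible before `. ${PLUGINFILE}`, so whatever ownership checks that helper performs appear to be skipped for a file that is sourced into the audit run; adding `SafePerms ${PLUGINFILE}` before the include would make the paths consistent. The enclosing `RunPlugins` function starts outside this hunk.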
@@ -871,7 +871,7 @@ ${NORMAL} if [ "${FIND}" = "rw-r--r--" -o "${FIND}" = "rw-r-----" -o "${FIND}" = "rw-------" -o "${FIND}" = "r--------" ]; then . ${INCLUDEDIR}/tests_${INCLUDE_TEST} else - logtext "Exception: skipping test category ${INCLUDE_TEST}, file ${INCLUDEDIR}/tests_${INCLUDE_TEST} has bad permissions (should be 640, 600 or 400)" + LogText "Exception: skipping test category ${INCLUDE_TEST}, file ${INCLUDEDIR}/tests_${INCLUDE_TEST} has bad permissions (should be 640, 600 or 400)" ReportWarning "NONE" "H" "Invalid permissions on tests file tests_${INCLUDE_TEST}" # Insert a section and warn user also on screen InsertSection "General" @@ -890,19 +890,19 @@ ${NORMAL} if [ ${RUN_TESTS} -eq 1 ]; then InsertSection "Custom Tests" - logtext "Test: Checking for tests_custom file" + LogText "Test: Checking for tests_custom file" # Custom tests if [ -f ${INCLUDEDIR}/tests_custom ]; then - logtext "Result: tests_custom file found in include directory" - logtext "Test: checking file permissions of tests_custom file" + LogText "Result: tests_custom file found in include directory" + LogText "Test: checking file permissions of tests_custom file" FIND=`ls -l ${INCLUDEDIR}/tests_custom | cut -c 2-10` if [ "${FIND}" = "rw-r--r--" -o "${FIND}" = "rw-r-----" -o "${FIND}" = "rw-------" -o "${FIND}" = "r--------" ]; then Display --indent 2 --text "- Start custom tests... " - logtext "Result: file permissions fine, running custom tests" + LogText "Result: file permissions fine, running custom tests" SafePerms ${INCLUDEDIR}/tests_custom . ${INCLUDEDIR}/tests_custom else - logtext "Exception: skipping custom tests, file has bad permissions (should be 640, 600 or 400)" + LogText "Exception: skipping custom tests, file has bad permissions (should be 640, 600 or 400)" ReportWarning "NONE" "H" "Invalid permissions on custom tests file" Display --indent 2 --text "- Running custom tests... " --result "WARNING" --color RED fi 
@@ -919,10 +919,10 @@ ${NORMAL} # if [ ${RUN_HELPERS} -eq 1 ]; then if [ ! "${HELPER}" = "" ]; then - logtext "Helper tool is $HELPER" + LogText "Helper tool is $HELPER" if [ -f ${INCLUDEDIR}/helper_${HELPER} ]; then SafePerms ${INCLUDEDIR}/helper_${HELPER} - logtext "Running helper tool ${HELPER} with params: ${HELPER_PARAMS}" + LogText "Running helper tool ${HELPER} with params: ${HELPER_PARAMS}" InsertPluginSection "Helper: ${HELPER}" . ${INCLUDEDIR}/helper_${HELPER} ${HELPER_PARAMS} else @@ -948,9 +948,9 @@ ${NORMAL} ################################################################################# # # Store total performed tests - report "lynis_tests_done=${CTESTS_PERFORMED}" + Report "lynis_tests_done=${CTESTS_PERFORMED}" CDATE=`date "+%F %H:%M:%S"` - report "report_datetime_end=${CDATE}" + Report "report_datetime_end=${CDATE}" # Show report if [ -f ${INCLUDEDIR}/report ]; then SafePerms ${INCLUDEDIR}/report; . ${INCLUDEDIR}/report; fi 
@@ -958,15 +958,15 @@ ${NORMAL} # Show tool tips if [ -f ${INCLUDEDIR}/hints_tips ]; then SafePerms ${INCLUDEDIR}/hints_tips; . ${INCLUDEDIR}/hints_tips; fi - logtext "================================================================================" - logtext "Tests performed: ${CTESTS_PERFORMED}" - logtext "Total tests: ${TOTAL_TESTS}" - logtext "Active plugins: ${N_PLUGIN_ENABLED}" - logtext "Total plugins: ${N_PLUGIN}" - logtext "================================================================================" - report "tests_executed=${TESTS_EXECUTED}" - report "tests_skipped=${TESTS_SKIPPED}" - report "finish=true" + LogText "================================================================================" + LogText "Tests performed: ${CTESTS_PERFORMED}" + LogText "Total tests: ${TOTAL_TESTS}" + LogText "Active plugins: ${N_PLUGIN_ENABLED}" + LogText "Total plugins: ${N_PLUGIN}" + LogText "================================================================================" + Report "tests_executed=${TESTS_EXECUTED}" + Report "tests_skipped=${TESTS_SKIPPED}" + Report "finish=true" # Upload data if [ ${UPLOAD_DATA} -eq 1 ]; then @@ -978,11 +978,11 @@ ${NORMAL} fi fi - logtext "${PROGRAM_NAME} ${PROGRAM_VERSION}" - logtext "${PROGRAM_COPYRIGHT}" - logtext "${PROGRAM_EXTRAINFO}" - logtext "Program ended successfully" - logtext "================================================================================" + LogText "${PROGRAM_NAME} ${PROGRAM_VERSION}" + LogText "${PROGRAM_COPYRIGHT}" + LogText "${PROGRAM_EXTRAINFO}" + LogText "Program ended successfully" + LogText "================================================================================" # Clean exit (Delete PID file) if [ ${TOTAL_WARNINGS} -gt 0 ]; then