tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-22 21:34:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

[FIRE-4512] lowered number of minimum rules

Browse Source
This commit is contained in:
Michael Boelen 2017-02-14 16:19:44 +01:00
parent c0e604c059
commit 30d9c2b72d
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
include/tests_firewalls
View File

@ -145,14 +145,14 @@
# #
# Test : FIRE-4512 # Test : FIRE-4512
# Description : Check iptables for empty ruleset (should have at least 10 or more rules) # Description : Check iptables for empty ruleset (should have at least 10 or more rules)
if [ ! "${IPTABLESBINARY}" = "" -a ${IPTABLES_ACTIVE} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! -z "${IPTABLESBINARY}" -a ${IPTABLES_ACTIVE} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FIRE-4512 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --root-only YES --category security --description "Check iptables for empty ruleset" Register --test-no FIRE-4512 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --root-only YES --category security --description "Check iptables for empty ruleset"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND=$(${IPTABLESBINARY} --list --numeric 2> /dev/null | ${EGREPBINARY} -v "^(Chain|target|$)" | ${WCBINARY} -l | ${TRBINARY} -d ' ') FIND=$(${IPTABLESBINARY} --list --numeric 2> /dev/null | ${EGREPBINARY} -v "^(Chain|target|$)" | ${WCBINARY} -l | ${TRBINARY} -d ' ')
if [ ! -z "${FIND}" ]; then if [ ! -z "${FIND}" ]; then
FIREWALL_ACTIVE=1 FIREWALL_ACTIVE=1
if [ ${FIND} -le 10 ]; then if [ ${FIND} -le 5 ]; then
# Firewall is active, but clearly needs configuration # Firewall is active, but needs configuration
FIREWALL_EMPTY_RULESET=1 FIREWALL_EMPTY_RULESET=1
LogText "Result: iptables ruleset seems to be empty (found ${FIND} rules)" LogText "Result: iptables ruleset seems to be empty (found ${FIND} rules)"
Display --indent 4 --text "- Checking for empty ruleset" --result "${STATUS_WARNING}" --color RED Display --indent 4 --text "- Checking for empty ruleset" --result "${STATUS_WARNING}" --color RED