[CRYP-7902] Test certificates with extension crt and pem, only if not part of a package

Michael Boelen 2017-03-12 16:35:50 +01:00
parent a70cfd0a70
commit 32b9af0767
1 changed files with 17 additions and 14 deletions


@ -44,11 +44,13 @@
if [ ${CANREAD} -eq 1 ]; then if [ ${CANREAD} -eq 1 ]; then
LogText "Result: found directory ${DIR}" LogText "Result: found directory ${DIR}"
# Search for CRT files # Search for CRT files
sFINDCRTS=$(${FINDBINARY} ${DIR} -name "*.crt" -type f -print 2> /dev/null) sFINDCRTS=$(${FINDBINARY} ${DIR} -name "*.crt" -or -name "*.pem" -and -type f -print 2> /dev/null)
if [ ! -z "${sFINDCRTS}" ]; then if [ ! -z "${sFINDCRTS}" ]; then
for FILE in ${sFINDCRTS}; do for FILE in ${sFINDCRTS}; do
FileIsReadable ${FILE} FileIsReadable ${FILE}
if [ ${CANREAD} -eq 1 ]; then if [ ${CANREAD} -eq 1 ]; then
# Only check the files that are not installed by a package
if ! FileInstalledByPackage ${FILE}; then
COUNT_DIR=$((COUNT_DIR + 1)) COUNT_DIR=$((COUNT_DIR + 1))
LogText "Test: checking certificate ${FILE}" LogText "Test: checking certificate ${FILE}"
# Check certificate where 'end date' has been expired # Check certificate where 'end date' has been expired
@ -62,6 +64,7 @@
FOUNDPROBLEM=1 FOUNDPROBLEM=1
LogText "Result: certificate ${FILE} has been expired" LogText "Result: certificate ${FILE} has been expired"
fi fi
fi
else else
LogText "Result: can not read file ${FILE} (no permission)" LogText "Result: can not read file ${FILE} (no permission)"
fi fi
@ -72,11 +75,11 @@
else else
LogText "Result: can not read path ${DIR} (no permission)" LogText "Result: can not read path ${DIR} (no permission)"
fi fi
LogText "Result: found ${COUNT_DIR} certificates in ${DIR}"
else else
LogText "Result: SSL path ${DIR} does not exist" LogText "Result: SSL path ${DIR} does not exist"
fi fi
COUNT_TOTAL=$((COUNT_TOTAL + COUNT_DIR)) COUNT_TOTAL=$((COUNT_TOTAL + COUNT_DIR))
LogText "Result: found ${COUNT_DIR} certificates in ${DIR}"
done done
Report "certificates=${COUNT_TOTAL}" Report "certificates=${COUNT_TOTAL}"
LogText "Result: found a total of ${COUNT_TOTAL} certificates" LogText "Result: found a total of ${COUNT_TOTAL} certificates"
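Review bot: The new find expression on the `sFINDCRTS` line no longer prints `*.crt` files, because `-and` binds tighter than `-or`, so the explicit `-print` (and the `-type f` test) belongs only to the `*.pem` branch. A path matching `*.crt` satisfies the left side of `-or` and is never output, which means the expiry check silently covers `.pem` files only, a false negative for an audit test. Group the name tests and use the POSIX operators instead of the non-portable `-or`/`-and`: `sFINDCRTS=$(${FINDBINARY} ${DIR} -type f \( -name "*.crt" -o -name "*.pem" \) -print 2> /dev/null)`. Separately, a `.pem` file may hold only a private key or a chain, so the certificate check that follows (outside the visible hunks) should probably treat a parse failure as "not a certificate" rather than as a finding; this needs confirming against the full function.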