Initial support for end-of-life OS detection

2019-02-26 16:15:15 +01:00 · 2019-02-26 16:15:15 +01:00 · 34a2742cdb
parent 672677bae1
commit 34a2742cdb
3 changed files with 49 additions and 0 deletions
--- a/db/software-eol.db
+++ b/db/software-eol.db
@ -0,0 +1,22 @@
+# End-of-life for operating systems and software
+# FreeBSD - https://www.freebsd.org/releases/
+os:FreeBSD 9.3:2014-07-01:
+os:FreeBSD 10.0:2014-01-01:
+os:FreeBSD 10.1:2014-11-01:
+os:FreeBSD 10.2:2015-08-01:
+os:FreeBSD 10.3:2016-04-01:
+os:FreeBSD 10.4:2017-10-01:
+os:FreeBSD 11.0:2016-10-01:
+os:FreeBSD 11.1:2017-07-01:
+# Ubuntu - https://wiki.ubuntu.com/Kernel/LTSEnablementStack
+os:Ubuntu 14.04:2019-05-01:
+os:Ubuntu 14.10:2015-07-01:
+os:Ubuntu 15.04:2016-01-01:
+os:Ubuntu 15.10:2016-07-01:
+os:Ubuntu 16.04:2021-05-01:
+os:Ubuntu 16.10:2017-07-01:
+os:Ubuntu 17.04:2018-01-01:
+os:Ubuntu 17.10:2018-07-01:
+os:Ubuntu 18.04:2023-05-01:
+os:Ubuntu 18.10:2019-07-01:
+os:Ubuntu 19.04:2020-01-01:
--- a/include/osdetection
+++ b/include/osdetection
@ -509,6 +509,27 @@
        QNAP_DEVICE=1
    fi

+    # Check if this OS is end-of-life
+    EOL=255
+    EOL_DATE=""
+    if [ ! -z "${OS_VERSION}" ]; then
+        if [ -f "${DBDIR}/software-eol.db" ]; then
+            FIND="${OS_FULLNAME}"
+            EOL_DATE=$(awk -v value="${FIND}" -F: '{if ($1=="os" && $2 ~ value){print $3}}' ${DBDIR}/software-eol.db | head -n 1)
+            if [ ! -z "${EOL_DATE}" ]; then
+                NOW=$(date "+%s")
+                FIND=$(date "+%s" --date=${EOL_DATE})
+                if [ ! -z "${FIND}" ]; then
+                    if [ ${NOW} -gt ${FIND} ]; then
+                        EOL=1
+                    else
+                        EOL=0
+                    fi
+                fi
+            fi
+        fi
+    fi
+

 #================================================================================
 # Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com
--- a/6
+++ b/6
@ -609,6 +609,12 @@ ${NORMAL}
        echo "  Operating system:          ${OS}"
        echo "  Operating system name:     ${OS_NAME}"
        echo "  Operating system version:  ${OS_VERSION}"
+        LogText "EOL check: ${EOL}"
+        if [ ${EOL} -eq 1 ]; then
+            echo "  End-of-life:               ${WARNING}YES${NORMAL}"
+            ReportWarning "GEN-0010" "This version ${OS_VERSION} is marked end-of-life as of ${EOL_DATE}"
+        fi
+
        if [ ! -z "${OS_MODE}" ]; then echo "  Operating system mode:     ${OS_MODE}"; fi
        echo "  Kernel version:            ${OS_KERNELVERSION}"
        echo "  Hardware platform:         ${HARDWARE}"