tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-27 07:44:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Internal reorganization

Browse Source
This commit is contained in:
Michael Boelen 2019-07-14 11:50:02 +02:00
parent 26fca99c40
commit 34f306eb0b
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
2 changed files with 80 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/consts
View File

@ -327,7 +327,6 @@ unset LANG
HPTOTAL=0 # Maximum number of hardening points HPTOTAL=0 # Maximum number of hardening points
LOG_INCORRECT_OS=1 # Log tests with incorrect OS LOG_INCORRECT_OS=1 # Log tests with incorrect OS
NEVERBREAK=0 # Don't wait for user input NEVERBREAK=0 # Don't wait for user input
PENTESTINGMODE=0 # Try tests without root privileges
QUICKMODE=1 # Don't wait for user input QUICKMODE=1 # Don't wait for user input
QUIET=0 # Show normal messages and warnings as well QUIET=0 # Show normal messages and warnings as well
SKIPLOGTEST=0 # Skip logging for one test SKIPLOGTEST=0 # Skip logging for one test

143
lynis
View File

@ -21,27 +21,29 @@
# Lynis is an automated auditing tool for Unix based operating systems. # Lynis is an automated auditing tool for Unix based operating systems.
# #
################################################################################# #################################################################################
#
# In Solaris /bin/sh is not POSIX, but /usr/xpg4/bin/sh is.
# Switch to /usr/xpg4/bin/sh if it exists and we are not already running it.
if [ "$(uname)" = "SunOS" ]; then
test "$_" != "/usr/xpg4/bin/sh" && test -f /usr/xpg4/bin/sh && exec /usr/xpg4/bin/sh "$0" "$@"
fi
#
#################################################################################
# #
# Code quality: don't allow using undefined variables # Code quality: don't allow using undefined variables
# Notes: $_ may be empty on FreeBSD
set -o nounset set -o nounset
# #
################################################################################# #################################################################################
# #
# In Solaris /bin/sh is not POSIX, but /usr/xpg4/bin/sh is.
# Switch to /usr/xpg4/bin/sh if it exists and we are not already running it.
test "$_" != "/usr/xpg4/bin/sh" && test -f /usr/xpg4/bin/sh && exec /usr/xpg4/bin/sh "$0" "$@"
#
#################################################################################
#
# Program information # Program information
PROGRAM_NAME="Lynis" PROGRAM_NAME="Lynis"
PROGRAM_AUTHOR="CISOfy" PROGRAM_AUTHOR="CISOfy"
PROGRAM_AUTHOR_CONTACT="lynis-dev@cisofy.com" PROGRAM_AUTHOR_CONTACT="lynis-dev@cisofy.com"
# Version details # Version details
PROGRAM_RELEASE_DATE="2019-06-29" PROGRAM_RELEASE_DATE="2019-07-14"
PROGRAM_RELEASE_TIMESTAMP=1561383761 PROGRAM_RELEASE_TIMESTAMP=1563094548
PROGRAM_RELEASE_TYPE="dev" # dev or final PROGRAM_RELEASE_TYPE="dev" # dev or final
PROGRAM_VERSION="3.0.0" PROGRAM_VERSION="3.0.0"
@ -58,7 +60,6 @@
REPORT_version_major="1"; REPORT_version_minor="0" REPORT_version_major="1"; REPORT_version_minor="0"
REPORT_version="${REPORT_version_major}.${REPORT_version_minor}" REPORT_version="${REPORT_version_major}.${REPORT_version_minor}"
DISPLAY_LANG="${LANG}" # required by function Display to deal with multi-bytes characters.
# #
################################################################################# #################################################################################
@ -74,53 +75,31 @@
WORKDIR=$(pwd) WORKDIR=$(pwd)
# Test from which directories we can use all functions and tests # Test from which directories we can use all functions and tests
INCLUDEDIR=""
INCLUDEDIR="" # Set default include directory to none tINCLUDE_TARGETS="/usr/local/include/lynis /usr/local/lynis/include /usr/share/lynis/include ./include" # Default paths to check (CWD as last option, in case we run from standalone)
tINCLUDE_TARGETS="/usr/local/include/lynis /usr/local/lynis/include /usr/share/lynis/include ./include" # Default paths to check (CWD as last option, in case we run from standalone) for I in ${tINCLUDE_TARGETS}; do
for I in ${tINCLUDE_TARGETS}; do if [ "${I}" = "./include" ]; then
if [ "${I}" = "./include" ]; then if [ -d "${WORKDIR}/include" ]; then INCLUDEDIR="${WORKDIR}/include"; fi
if [ -d "${WORKDIR}/include" ]; then INCLUDEDIR="${WORKDIR}/include"; fi elif [ -d ${I} -a -z "${INCLUDEDIR}" ]; then
elif [ -d ${I} -a -z "${INCLUDEDIR}" ]; then INCLUDEDIR=${I}
INCLUDEDIR=${I} fi
fi done
done
# Drop out if our include directory can't be found # Drop out if our include directory can't be found
if [ -z "${INCLUDEDIR}" ]; then if [ -z "${INCLUDEDIR}" ]; then
printf "%s" " printf "%s" "\nFatal error: can't find include directory\nMake sure to execute ${PROGRAM_NAME} from untarred directory or check your installation."
Fatal error: can't find include directory exit 1
Make sure to execute ${PROGRAM_NAME} from untarred directory or check your installation." fi
exit 1
fi
# Test for database directory # Test for database directory
DBDIR=""; tDB_TARGETS="/usr/local/share/lynis/db /usr/local/lynis/db /usr/share/lynis/db ./db"
DBDIR=""; tDB_TARGETS="/usr/local/share/lynis/db /usr/local/lynis/db /usr/share/lynis/db ./db" for I in ${tDB_TARGETS}; do
for I in ${tDB_TARGETS}; do if [ "${I}" = "./db" ]; then
if [ "${I}" = "./db" ]; then if [ -d "${WORKDIR}/db" ]; then DBDIR="${WORKDIR}/db"; fi
if [ -d "${WORKDIR}/db" ]; then DBDIR="${WORKDIR}/db"; fi elif [ -d ${I} -a -z "${DBDIR}" ]; then
elif [ -d ${I} -a -z "${DBDIR}" ]; then DBDIR="${I}"
DBDIR="${I}" fi
fi done
done
# Import translations. First import English to prefill all texts
if [ ! -f ${DBDIR}/languages/en ]; then
echo "Could not find languages directory (file: ${DBDIR}/languages/en)"
exit 1
else
. ${DBDIR}/languages/en
fi
# Auto detection of language based on locale (first two characters). Set to English when nothing found.
if [ -x "$(command -v locale 2> /dev/null)" ]; then
LANGUAGE=$(locale | egrep "^LANG=" | cut -d= -f2 | cut -d_ -f1 | egrep "^[a-z]{2}$")
fi
if [ -z "${LANGUAGE}" ]; then
#Debug "Result: no (valid) language found, setting to default language (en)"
LANGUAGE="en"
fi
# #
################################################################################# #################################################################################
# #
@ -128,7 +107,7 @@ Make sure to execute ${PROGRAM_NAME} from untarred directory or check your insta
# Check user to determine file permissions later on. If we encounter Solaris, use related id binary instead # Check user to determine file permissions later on. If we encounter Solaris, use related id binary instead
if [ -x /usr/xpg4/bin/id ]; then if [ -x /usr/xpg4/bin/id ]; then
MYID=$(/usr/xpg4/bin/id -u 2> /dev/null) MYID=$(/usr/xpg4/bin/id -u 2> /dev/null)
elif [ $(uname) = "SunOS" ]; then elif [ "$(uname)" = "SunOS" ]; then
MYID=$(id | tr '=' ' ' | tr '(' ' ' | awk '{ print $2 }' 2> /dev/null) MYID=$(id | tr '=' ' ' | tr '(' ' ' | awk '{ print $2 }' 2> /dev/null)
else else
MYID=$(id -u 2> /dev/null) MYID=$(id -u 2> /dev/null)
@ -137,10 +116,21 @@ Make sure to execute ${PROGRAM_NAME} from untarred directory or check your insta
# #
################################################################################# #################################################################################
# #
# Consts (bin paths, text strings, colors) # Set basic values and test permissions of the files to include, such as:
# - consts: bin paths, text strings, colors
# - functions: function library
# #
################################################################################# #################################################################################
# #
# Determine if we are root (UID = 0)
if [ ${MYID} -eq 0 ]; then
PRIVILEGED=1
PENTESTINGMODE=0
else
# Set to pentesting mode if scan is with root privileges
PENTESTINGMODE=1
fi
# Perform a basic check for permissions. After including functions, using SafePerms() # Perform a basic check for permissions. After including functions, using SafePerms()
IGNORE_FILE_PERMISSION_ISSUES=0 IGNORE_FILE_PERMISSION_ISSUES=0
@ -204,6 +194,41 @@ Make sure to execute ${PROGRAM_NAME} from untarred directory or check your insta
# #
################################################################################# #################################################################################
# #
# Language settings
#
#################################################################################
#
# Auto detection of language based on shell LANG variable. This is required by the Display() function to deal with multi-bytes characters.
DISPLAY_LANG="${LANG:-}"
# Try locale command if shell variable had no value
if [ -z "${DISPLAY_LANG}" ]; then
DISPLAY_LANG=$(locale | egrep "^LANG=" | cut -d= -f2)
fi
# Extract the short notation of the language (first two characters).
if [ -x "$(command -v locale 2> /dev/null)" ]; then
LANGUAGE=$(locale | egrep "^LANG=" | cut -d= -f2 | cut -d_ -f1 | egrep "^[a-z]{2}$")
fi
# Set default language: 'en' (English) if no value is set
if [ -z "${LANGUAGE}" ]; then
LANGUAGE="en"
fi
# Import translations. First import English to prefill all texts
if [ -f ${DBDIR}/languages/en ]; then
if SafeFile "${DBDIR}/languages/en"; then
. ${DBDIR}/languages/en
else
ExitFatal "Incorrect ownership or permissions of language file (${DBDIR}/languages/en)"
fi
else
echo "Could not find languages directory (file: ${DBDIR}/languages/en)"
exit 1
fi
#
#################################################################################
#
# Traps # Traps
# #
################################################################################# #################################################################################
@ -222,14 +247,6 @@ Make sure to execute ${PROGRAM_NAME} from untarred directory or check your insta
SafePerms ${INCLUDEDIR}/parameters SafePerms ${INCLUDEDIR}/parameters
. ${INCLUDEDIR}/parameters . ${INCLUDEDIR}/parameters
# Now determine if we are root (UID = 0)
if [ ${MYID} -eq 0 ]; then
PRIVILEGED=1
else
Debug "Starting Lynis non-privileged"
# Implied pentesting mode if not performed by root user
PENTESTINGMODE=1
fi
# Disable logging if no alternative was provided # Disable logging if no alternative was provided
if [ ${PRIVILEGED} -eq 0 ]; then if [ ${PRIVILEGED} -eq 0 ]; then