tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[KRNL-5788] Improvements for grsecurity kernels

This commit is contained in:
mboelen 2016-04-25 10:56:11 +02:00
parent 0f64d106b1
commit 3e20c1e30b
1 changed files with 7 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
include/tests_kernel
View File

@ -349,15 +349,13 @@
LogText "Test: checking package from dpkg -S" LogText "Test: checking package from dpkg -S"
FINDKERNEL=`dpkg -S ${FINDKERNFILE} 2> /dev/null | awk -F : '{print $1}'` FINDKERNEL=`dpkg -S ${FINDKERNFILE} 2> /dev/null | awk -F : '{print $1}'`
LogText "Output: dpkg -S reported package ${FINDKERNEL}" LogText "Output: dpkg -S reported package ${FINDKERNEL}"
elif [ -e /dev/grsec ]; then
FINDKERNEL=linux-image-`uname -r`
LogText "/vmlinuz missing due to grsecurity; assuming ${FINDKERNEL}"
else else
if [ -e /dev/grsec ]; then LogText "This system is missing /vmlinuz. Unable to check whether kernel is up-to-date."
FINDKERNEL=linux-image-`uname -r` ReportException "${TEST_NO}:00|Missing /vmlinuz"
LogText "/vmlinuz missing due to grsecurity; assuming ${FINDKERNEL}" ReportSuggestion ${TEST_NO} "Discover why /vmlinuz is missing. Consider manually re-linking."
else
LogText "This system is missing /vmlinuz. Unable to check whether kernel is up-to-date."
ReportException "${TEST_NO}:00|Missing /vmlinuz"
ReportSuggestion ${TEST_NO} "Discover why /vmlinuz is missing. Consider manually re-linking."
fi
fi fi
LogText "Test: Using apt-cache policy to determine if there is an update available" LogText "Test: Using apt-cache policy to determine if there is an update available"
FINDINST=`apt-cache policy ${FINDKERNEL} | egrep 'Installed' | cut -d ':' -f2 | tr -d ' '` FINDINST=`apt-cache policy ${FINDKERNEL} | egrep 'Installed' | cut -d ':' -f2 | tr -d ' '`
@ -375,7 +373,7 @@
if [ -e /dev/grsec ]; then if [ -e /dev/grsec ]; then
Display --indent 2 --text "- Checking for available kernel update" --result GRSEC --color GREEN Display --indent 2 --text "- Checking for available kernel update" --result GRSEC --color GREEN
LogText "Result: Grsecurity is installed; unable to determine if there's a newer kernel available" LogText "Result: Grsecurity is installed; unable to determine if there's a newer kernel available"
ReportSuggestion ${TEST_NO} "Manually check to confirm you're using a recent kernel and grsecurity patch" ReportManual "Manually check to confirm you're using a recent kernel and grsecurity patch"
else else
Display --indent 2 --text "- Checking for available kernel update" --result OK --color GREEN Display --indent 2 --text "- Checking for available kernel update" --result OK --color GREEN
LogText "Result: no kernel update available" LogText "Result: no kernel update available"