tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-27 15:54:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

[TIME-3160] improvements to detect step-ticker file and entries

Browse Source
This commit is contained in:
Michael Boelen 2018-03-10 12:26:09 +01:00
parent 1d982a26d0
commit 40282cde49
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
1 changed files with 30 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
include/tests_time
View File

@ -422,20 +422,20 @@
# Test : TIME-3160
# Description : Check empty NTP step-tickers
# Notes : Mostly applies to Red Hat and clones
if [ "${NTPD_RUNNING}" -eq 1 -a ! -z "${NTPQBINARY}" -a ! -z "${CHKCONFIGBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
FILE="${ROOTDIR}etc/ntp/step-tickers"
if [ "${NTPD_RUNNING}" -eq 1 -a ! -z "${NTPQBINARY}" -a -f "${FILE}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no TIME-3160 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check empty NTP step-tickers"
if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0
FILE="/etc/ntp/step-tickers"
if [ -f ${FILE} ]; then
if [ ! -s "${FILE}" ]; then
OUTPUT=$(${AWKBINARY} '/^[a-z0-9]/ { print $1 }' ${FILE})
if [ -z "${OUTPUT}" ]; then
LogText "Result: ${FILE} is empty. The step-tickers contain no configured NTP servers"
Display --indent 2 --text "- Checking NTP step-tickers file" --result "EMPTY FILE" --color YELLOW
ReportSuggestion ${TEST_NO} "Use step-tickers file for quicker time synchronization"
else
LogText "Result: /etc/ntp/step-tickers is not empty, which is fine"
LogText "Result: ${FILE} is not empty, which is fine"
Display --indent 2 --text "- Checking NTP step-tickers file" --result "${STATUS_OK}" --color GREEN
sFIND=$(${AWKBINARY} '/^server/ { print $2 }' /etc/ntp.conf | ${GREPBINARY} -v '127.127.1.0')
sFIND=$(${AWKBINARY} '/^[a-z0-9]/ { print $1 }' ${FILE} | ${EGREPBINARY} -v "^127." | ${EGREPBINARY} -v "^::1")
for I in ${sFIND}; do
FIND=$(${GREPBINARY} ^${I} ${FILE} | wc -l)
if [ ${FIND} -gt 0 ]; then
@ -457,9 +457,6 @@
fi
LogText "Information: step-tickers is used by ntpdate where as ntp.conf is the configuration file for the ntpd daemon. ntpdate is initially run to set the clock before ntpd to make sure time is within 1000 sec."
LogText "Risk: ntp will not run at boot if the time difference between the server and client by more then 1000 sec."
else
LogText "Result: test skipped because ${FILE} not found"
fi
fi
#
#################################################################################