tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Support spaces in file names (#444) 

File names may contain spaces
This commit is contained in:
Bruno Vernay 2017-08-29 14:32:42 +02:00 committed by Michael Boelen
parent de65787b3a
commit 4107d8a461
1 changed files with 26 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
include/tests_crypto
View File

@ -44,38 +44,36 @@
if [ ${CANREAD} -eq 1 ]; then if [ ${CANREAD} -eq 1 ]; then
LogText "Result: found directory ${DIR}" LogText "Result: found directory ${DIR}"
# Search for CRT files # Search for CRT files
sFINDCRTS=$(${FINDBINARY} ${DIR} -type f 2> /dev/null | ${EGREPBINARY} ".crt$|.pem$|^cert" | ${SORTBINARY}) ${FINDBINARY} ${DIR} -type f -print0 | ${EGREPBINARY} -z ".crt$|.pem$|^cert" | ${SORTBINARY} -z | while IFS= read -r -d $'\0' FILE; do
if [ ! -z "${sFINDCRTS}" ]; then FileIsReadable "${FILE}"
for FILE in ${sFINDCRTS}; do if [ ${CANREAD} -eq 1 ]; then
FileIsReadable ${FILE} # Only check the files that are not installed by a package
if [ ${CANREAD} -eq 1 ]; then if ! FileInstalledByPackage "${FILE}"; then
# Only check the files that are not installed by a package COUNT_DIR=$((COUNT_DIR + 1))
if ! FileInstalledByPackage ${FILE}; then LogText "Test: checking file and determining if it is certificate ${FILE}"
COUNT_DIR=$((COUNT_DIR + 1)) FIND=$(${OPENSSLBINARY} x509 -noout -in "${FILE}" -enddate 2> /dev/null | ${GREPBINARY} "^notAfter")
LogText "Test: checking file and determining if it is certificate ${FILE}" if [ $? -eq 0 ]; then
FIND=$(${OPENSSLBINARY} x509 -noout -in ${FILE} -enddate 2> /dev/null | ${GREPBINARY} "^notAfter") # Check certificate where 'end date' has been expired
if [ $? -eq 0 ]; then FIND=$(${OPENSSLBINARY} x509 -noout -checkend 0 -in "${FILE}" -enddate 2> /dev/null)
# Check certificate where 'end date' has been expired EXIT_CODE=$?
FIND=$(${OPENSSLBINARY} x509 -noout -checkend 0 -in ${FILE} -enddate 2> /dev/null) CERT_CN=$(${OPENSSLBINARY} x509 -noout -subject -in "${FILE}" 2> /dev/null | ${SEDBINARY} -e 's/^subject.*CN=\([a-zA-Z0-9\.\-\*]*\).*$/\1/')
EXIT_CODE=$? CERT_NOTAFTER=$(${OPENSSLBINARY} x509 -noout -enddate -in "${FILE}" 2> /dev/null | ${AWKBINARY} -F= '{if ($1=="notAfter") { print $2 }}')
CERT_CN=$(${OPENSSLBINARY} x509 -noout -subject -in ${FILE} 2> /dev/null | ${SEDBINARY} -e 's/^subject.*CN=\([a-zA-Z0-9\.\-\*]*\).*$/\1/') Report "certificate[]=${FILE}|${EXIT_CODE}|cn:${CERT_CN};notafter:${CERT_NOTAFTER};|"
CERT_NOTAFTER=$(${OPENSSLBINARY} x509 -noout -enddate -in ${FILE} 2> /dev/null | ${AWKBINARY} -F= '{if ($1=="notAfter") { print $2 }}') if [ ${EXIT_CODE} -eq 0 ]; then
Report "certificate[]=${FILE}|${EXIT_CODE}|cn:${CERT_CN};notafter:${CERT_NOTAFTER};|" LogText "Result: certificate ${FILE} seems to be correct and still valid"
if [ ${EXIT_CODE} -eq 0 ]; then
LogText "Result: certificate ${FILE} seems to be correct and still valid"
else
FOUNDPROBLEM=1
LogText "Result: certificate ${FILE} has been expired"
fi
else else
LogText "Result: skipping tests for this file (${FILE}) as it is most likely not a certificate (a key file?)" FOUNDPROBLEM=1
LogText "Result: certificate ${FILE} has been expired"
fi fi
else
LogText "Result: skipping tests for this file (${FILE}) as it is most likely not a certificate (a key file?)"
fi fi
else
LogText "Result: can not read file ${FILE} (no permission)"
fi fi
done else
else LogText "Result: can not read file ${FILE} (no permission)"
fi
done
if [ -z "$(${FINDBINARY} ${DIR} -type f 2> /dev/null | ${EGREPBINARY} ".crt$|.pem$|^cert")" ]; then
LogText "Result: no certificates found in directory ${DIR}" LogText "Result: no certificates found in directory ${DIR}"
fi fi
else else