tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Initial work to detect Lynis in cronjobs

This commit is contained in:
Michael Boelen 2019-03-14 12:32:19 +01:00
parent 3e7b319ec7
commit 48195ce221
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
2 changed files with 28 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/consts
View File

@ -139,6 +139,7 @@ unset LANG
LOGTEXT=1 LOGTEXT=1
LSMODBINARY="" LSMODBINARY=""
LSVGBINARY="" LSVGBINARY=""
LYNIS_CRONJOB=""
MACHINEID="" MACHINEID=""
MACHINE_ROLE="" MACHINE_ROLE=""
MALWARE_SCANNER_INSTALLED=0 MALWARE_SCANNER_INSTALLED=0

41
include/tests_scheduling
View File

@ -61,6 +61,7 @@
CRONTAB_FILE="${ROOTDIR}etc/crontab" CRONTAB_FILE="${ROOTDIR}etc/crontab"
if [ -f ${CRONTAB_FILE} ]; then if [ -f ${CRONTAB_FILE} ]; then
${EGREPBINARY} -q -s 'lynis audit system' ${CRONTAB_FILE} && LYNIS_CRONJOB="file:/etc/crontab"
if IsWorldWritable ${CRONTAB_FILE}; then LogText "Result: insecure file permissions for cronjob file ${CRONTAB_FILE}"; Report "insecure_fileperms_cronjob[]=${CRONTAB_FILE}"; BAD_FILE_PERMISSIONS=1; AddHP 0 5; fi if IsWorldWritable ${CRONTAB_FILE}; then LogText "Result: insecure file permissions for cronjob file ${CRONTAB_FILE}"; Report "insecure_fileperms_cronjob[]=${CRONTAB_FILE}"; BAD_FILE_PERMISSIONS=1; AddHP 0 5; fi
if ! IsOwnedByRoot ${CRONTAB_FILE}; then LogText "Result: incorrect owner found for cronjob file ${CRONTAB_FILE}"; Report "bad_fileowner_cronjob[]=${CRONTAB_FILE}"; BAD_FILE_OWNERSHIP=1; AddHP 0 5; fi if ! IsOwnedByRoot ${CRONTAB_FILE}; then LogText "Result: incorrect owner found for cronjob file ${CRONTAB_FILE}"; Report "bad_fileowner_cronjob[]=${CRONTAB_FILE}"; BAD_FILE_OWNERSHIP=1; AddHP 0 5; fi
FindCronJob ${CRONTAB_FILE} FindCronJob ${CRONTAB_FILE}
@ -85,6 +86,8 @@
for FILE in ${FIND}; do for FILE in ${FIND}; do
if IsWorldWritable ${FILE}; then LogText "Result: insecure file permissions for cronjob file ${J}"; Report "insecure_fileperms_cronjob[]=${J}"; BAD_FILE_PERMISSIONS=1; AddHP 0 5; fi if IsWorldWritable ${FILE}; then LogText "Result: insecure file permissions for cronjob file ${J}"; Report "insecure_fileperms_cronjob[]=${J}"; BAD_FILE_PERMISSIONS=1; AddHP 0 5; fi
if ! IsOwnedByRoot ${FILE}; then LogText "Result: incorrect owner found for cronjob file ${J}"; Report "bad_fileowner_cronjob[]=${J}"; BAD_FILE_OWNERSHIP=1; AddHP 0 5; fi if ! IsOwnedByRoot ${FILE}; then LogText "Result: incorrect owner found for cronjob file ${J}"; Report "bad_fileowner_cronjob[]=${J}"; BAD_FILE_OWNERSHIP=1; AddHP 0 5; fi
FILENAME=$(echo ${FILE} | ${AWKBINARY} -F/ '{print $NF}')
if [ "${FILENAME}" = "lynis" ]; then ${EGREPBINARY} -q -s 'lynis audit system' ${CRONTAB_FILE} && LYNIS_CRONJOB="file:${FILE}"; fi
FindCronJob ${FILE} FindCronJob ${FILE}
if HasData "${sCRONJOBS}"; then if HasData "${sCRONJOBS}"; then
for K in ${sCRONJOBS}; do for K in ${sCRONJOBS}; do
@ -115,11 +118,13 @@
LogText "Result: no files found in ${I}" LogText "Result: no files found in ${I}"
else else
LogText "Result: found one or more files in ${I}. Analyzing files.." LogText "Result: found one or more files in ${I}. Analyzing files.."
for J in ${FIND}; do for FILE in ${FIND}; do
if IsWorldWritable ${J}; then LogText "Result: insecure file permissions for cronjob file ${J}"; Report "insecure_fileperms_cronjob[]=${J}"; BAD_FILE_PERMISSIONS=1; AddHP 0 5; fi if IsWorldWritable ${FILE}; then LogText "Result: insecure file permissions for cronjob file ${FILE}"; Report "insecure_fileperms_cronjob[]=${FILE}"; BAD_FILE_PERMISSIONS=1; AddHP 0 5; fi
if ! IsOwnedByRoot ${J}; then LogText "Result: incorrect owner found for cronjob file ${J}"; Report "bad_fileowner_cronjob[]=${J}"; BAD_FILE_OWNERSHIP=1; AddHP 0 5; fi if ! IsOwnedByRoot ${FILE}; then LogText "Result: incorrect owner found for cronjob file ${FILE}"; Report "bad_fileowner_cronjob[]=${FILE}"; BAD_FILE_OWNERSHIP=1; AddHP 0 5; fi
LogText "Result: Found cronjob (${I}): ${J}" FILENAME=$(echo ${FILE} | ${AWKBINARY} -F/ '{print $NF}')
Report "cronjob[]=${J}" if [ "${FILENAME}" = "lynis" ]; then ${EGREPBINARY} -q -s 'lynis audit system' ${CRONTAB_FILE} && LYNIS_CRONJOB="file:${FILE}"; fi
LogText "Result: Found cronjob (${I}): ${FILE}"
Report "cronjob[]=${FILE}"
done done
LogText "Result: done with analyzing files in ${I}" LogText "Result: done with analyzing files in ${I}"
fi fi
@ -137,21 +142,23 @@
FIND=$(${FINDBINARY} /var/spool/cron/crontabs -xdev -type f -print 2> /dev/null) FIND=$(${FINDBINARY} /var/spool/cron/crontabs -xdev -type f -print 2> /dev/null)
for I in ${FIND}; do for I in ${FIND}; do
if FileIsReadable ${I}; then if FileIsReadable ${I}; then
${EGREPBINARY} -q -s 'lynis audit system' ${I} && LYNIS_CRONJOB="file:${I}"
FindCronJob ${I} FindCronJob ${I}
for J in ${sCRONJOBS}; do for FILE in ${sCRONJOBS}; do
LogText "Found cronjob (/var/spool/cron/crontabs): ${I} (${J})" LogText "Found cronjob (/var/spool/cron/crontabs): ${I} (${FILE})"
Report "cronjob[]=${I}" Report "cronjob[]=${I}"
done done
fi fi
done done
else else
if [ -d /var/spool/cron ]; then if [ -d ${ROOTDIR}var/spool/cron ]; then
FIND=$(find /var/spool/cron -type f -print) FIND=$(find ${ROOTDIR}var/spool/cron -type f -print)
for I in ${FIND}; do for I in ${FIND}; do
if FileIsReadable ${I}; then if FileIsReadable ${I}; then
${EGREPBINARY} -q -s 'lynis audit system' ${I} && LYNIS_CRONJOB="file:${I}"
FindCronJob ${I} FindCronJob ${I}
for J in ${sCRONJOBS}; do for FILE in ${sCRONJOBS}; do
LogText "Found cronjob (/var/spool/cron): ${I} (${J})" LogText "Found cronjob in ${ROOTDIR}var/spool/cron: ${I} (${FILE})"
LogText "cronjob[]=${I}" LogText "cronjob[]=${I}"
done done
fi fi
@ -177,12 +184,12 @@
# Show warning when an issue shows up. Even if *both* the permissions and ownership are wrong, just show one (prevent overload of warnings). # Show warning when an issue shows up. Even if *both* the permissions and ownership are wrong, just show one (prevent overload of warnings).
if [ ${BAD_FILE_PERMISSIONS} -eq 1 ]; then if [ ${BAD_FILE_PERMISSIONS} -eq 1 ]; then
ReportWarning "${TEST_NO}" "Found one or more cronjob files with incorrect file permissions (see log for details)" ReportWarning "${TEST_NO}" "Found one or more cronjob files with incorrect file permissions (see log for details)"
Display --indent 2 --text "- Checking crontab/cronjob" --result "${STATUS_WARNING}" --color RED Display --indent 2 --text "- Checking crontab and cronjobs files" --result "${STATUS_WARNING}" --color RED
elif [ ${BAD_FILE_OWNERSHIP} -eq 1 ]; then elif [ ${BAD_FILE_OWNERSHIP} -eq 1 ]; then
ReportWarning "${TEST_NO}" "Found one or more cronjob files with incorrect ownership (see log for details)" ReportWarning "${TEST_NO}" "Found one or more cronjob files with incorrect ownership (see log for details)"
Display --indent 2 --text "- Checking crontab/cronjob" --result "${STATUS_WARNING}" --color RED Display --indent 2 --text "- Checking crontab and cronjob files" --result "${STATUS_WARNING}" --color RED
else else
Display --indent 2 --text "- Checking crontab/cronjob" --result "${STATUS_DONE}" --color GREEN Display --indent 2 --text "- Checking crontab and cronjob files" --result "${STATUS_DONE}" --color GREEN
fi fi
fi fi
@ -298,6 +305,12 @@
################################################################################# #################################################################################
# #
if [ -z "${LYNIS_CRONJOB}" ]; then
LogText "Result: no scheduled Lynis execution found (e.g. crontab, cronjob)"
else
LogText "Result: found scheduled Lynis execution (${LYNIS_CRONJOB})"
fi
WaitForKeyPress WaitForKeyPress
# #