diff --git a/include/report b/include/report index 363fdd7e..cf4cfb6e 100644 --- a/include/report +++ b/include/report @@ -208,39 +208,20 @@ echo "================================================================================" echo "" echo " ${WHITE}Lynis security scan details${NORMAL}:" - echo "" - echo " ${CYAN}Hardening index${NORMAL} : ${WHITE}${HPINDEX}${NORMAL} ${HPGRAPH}" - echo " ${CYAN}Tests performed${NORMAL} : ${WHITE}${CTESTS_PERFORMED}${NORMAL}" - if [ ${SKIP_PLUGINS} -eq 0 ]; then - echo " ${CYAN}Plugins enabled${NORMAL} : ${WHITE}${N_PLUGIN_ENABLED}${NORMAL}" - else - echo " ${CYAN}Plugins enabled${NORMAL} : ${WHITE}Skipped${NORMAL}" - fi - echo "" - echo " ${WHITE}Components${NORMAL}:" - if [ ${FIREWALL_ACTIVE} -eq 1 ]; then FIREWALL="${GREEN}V"; else FIREWALL="${RED}X"; fi - if [ ${MALWARE_SCANNER_INSTALLED} -eq 1 ]; then MALWARE="${GREEN}V"; else MALWARE="${RED}X"; fi - if [ ${IDS_IPS_TOOL_FOUND} -eq 1 ]; then IDSIPS="${GREEN}V"; else IDSIPS="${RED}X"; fi - - echo " - Firewall [${FIREWALL}${NORMAL}]" - #echo " - Integrity monitoring [${IDSIPS}${NORMAL}]" - #echo " - Intrusion software [${IDSIPS}${NORMAL}]" - echo " - Malware scanner [${MALWARE}${NORMAL}]" - echo "" echo " ${SECTION}Scan mode${NORMAL}:" if [ ${DEVOPS_MODE} -eq 1 ]; then - echo " Normal [ ] Forensics [ ] Integration [V] Pentest [ ]" + echo " Normal [ ] Forensics [ ] Integration [▆] Pentest [ ]" elif [ ${FORENSICS_MODE} -eq 1 ]; then - echo " Normal [ ] Forensics [V] Integration [ ] Pentest [ ]" + echo " Normal [ ] Forensics [▆] Integration [ ] Pentest [ ]" elif [ ${PENTESTINGMODE} -eq 1 ]; then if [ ${PRIVILEGED} -eq 0 ]; then - echo " Normal [ ] Forensics [ ] Integration [ ] Pentest [V] (running non-privileged)" + echo " Normal [ ] Forensics [ ] Integration [ ] Pentest [▆] (running non-privileged)" else - echo " Normal [ ] Forensics [ ] Integration [ ] Pentest [V] (running privileged)" + echo " Normal [ ] Forensics [ ] Integration [ ] Pentest [▆] (running privileged)" fi else - echo " Normal [V] Forensics [ ] Integration [ ] Pentest [ ]" + echo " Normal [▆] Forensics [ ] Integration [ ] Pentest [ ]" fi echo "" @@ -253,6 +234,26 @@ echo " - Compliance status [${COMPLIANCE}${NORMAL}]" echo " - Security audit [${GREEN}V${NORMAL}]" echo " - Vulnerability scan [${GREEN}V${NORMAL}]" + echo "" + echo " ${SECTION}Details${NORMAL}:" + echo " ${CYAN}Hardening index${NORMAL} : ${WHITE}${HPINDEX}${NORMAL} ${HPGRAPH}" + echo " ${CYAN}Tests performed${NORMAL} : ${WHITE}${CTESTS_PERFORMED}${NORMAL}" + if [ ${SKIP_PLUGINS} -eq 0 ]; then + echo " ${CYAN}Plugins enabled${NORMAL} : ${WHITE}${N_PLUGIN_ENABLED}${NORMAL}" + else + echo " ${CYAN}Plugins enabled${NORMAL} : ${WHITE}Skipped${NORMAL}" + fi + echo "" + echo " ${SECTION}Software components${NORMAL}:" + if [ ${FIREWALL_ACTIVE} -eq 1 ]; then FIREWALL="${GREEN}V"; else FIREWALL="${RED}X"; fi + if [ ${MALWARE_SCANNER_INSTALLED} -eq 1 ]; then MALWARE="${GREEN}V"; else MALWARE="${RED}X"; fi + if [ ${IDS_IPS_TOOL_FOUND} -eq 1 ]; then IDSIPS="${GREEN}V"; else IDSIPS="${RED}X"; fi + + echo " - Firewall [${FIREWALL}${NORMAL}]" + #echo " - Integrity monitoring [${IDSIPS}${NORMAL}]" + echo " - Intrusion software [${IDSIPS}${NORMAL}]" + echo " - Malware scanner [${MALWARE}${NORMAL}]" + echo "" echo " ${SECTION}Files${NORMAL}:" echo " - Test and debug information : ${WHITE}${LOGFILE}${NORMAL}" @@ -264,6 +265,12 @@ echo " ${GEN_CURRENT_VERSION} : ${WHITE}${PROGRAM_AC}${NORMAL} ${GEN_LATEST_VERSION} : ${WHITE}${PROGRAM_LV}${NORMAL}" echo "================================================================================" else + if [ ${OLD_RELEASE} -eq 1 ]; then + echo "" + echo " ${NOTICE}Notice: ${WHITE}This version of ${PROGRAM_NAME} is older than 6 months and might be outdated. Check the project page if a newer version is available.${NORMAL}" + echo "" + echo "================================================================================" + fi ########################################################################################### # # Software quality program @@ -291,8 +298,8 @@ # Display what tests are skipped in non-privileged scan for awareness if [ ${PENTESTINGMODE} -eq 1 -a ! "${SKIPPED_TESTS_ROOTONLY}" = "" ]; then echo "" - echo " ${PURPLE}${NOTE_SKIPPED_TESTS_NON_PRIVILEGED}${NORMAL}" - + echo " ${PURPLE}${NOTE_SKIPPED_TESTS_NON_PRIVILEGED}:${NORMAL}" + echo "" FIND=$(echo ${SKIPPED_TESTS_ROOTONLY} | sed 's/ /:space:/g') # Split entries FIND=$(echo ${FIND} | sed 's/====/ /g') diff --git a/lynis b/lynis index 4a1720d1..4e65f4a9 100755 --- a/lynis +++ b/lynis @@ -789,44 +789,51 @@ ${NORMAL} fi OLD_RELEASE=0 - TIME_DIFFERENCE_CHECK=10368000 # 4 months + TIME_DIFFERENCE_CHECK=15552000 # approx 6 months RELEASE_PLUS_TIMEDIFF=$((PROGRAM_RELEASE_TIMESTAMP + TIME_DIFFERENCE_CHECK)) NOW=$(date "+%s") if [ ${NOW} -gt ${RELEASE_PLUS_TIMEDIFF} ]; then - # Show if release is old, only if we didn't show it with normal update check - if [ ${UPDATE_AVAILABLE} -eq 0 ]; then - ReportSuggestion "LYNIS" "This release is more than 4 months old. Check the website or GitHub to see if there is an update available." - fi OLD_RELEASE=1 fi - # Show on screen message if release is very outdated (unless --quiet/--silent is used) - if [ ${UPDATE_AVAILABLE} -eq 1 -a ${QUIET} -eq 0 ]; then - echo "" - echo " ===============================================================================" - echo " ${CYAN}${PROGRAM_NAME} ${TEXT_UPDATE_AVAILABLE}${NORMAL}" - echo " ===============================================================================" - echo "" - if [ ${OLD_RELEASE} -eq 1 ]; then - echo " ${YELLOW}Current version is more than 4 months old${NORMAL}" + # Show on screen message if there is an update available or when the release is outdated + # Do not show any output when quiet mode is used (--quiet/--silent) + if [ ${QUIET} -eq 0 ]; then + if [ ${UPDATE_AVAILABLE} -eq 1 ]; then echo "" - fi - if [ ${PROGRAM_LV} -gt 0 ]; then - echo " Current version : ${YELLOW}${PROGRAM_AC}${NORMAL} Latest version : ${GREEN}${PROGRAM_LV}${NORMAL}" + echo " ===============================================================================" + echo " ${CYAN}${PROGRAM_NAME} ${TEXT_UPDATE_AVAILABLE}${NORMAL}" + echo " ===============================================================================" echo "" + if [ ${PROGRAM_LV} -gt 0 ]; then + echo " Current version : ${YELLOW}${PROGRAM_AC}${NORMAL} Latest version : ${GREEN}${PROGRAM_LV}${NORMAL}" + echo "" + fi + echo " ${WHITE}Please update to the latest version.${NORMAL}" + echo " New releases include additional features, bug fixes, and tests.${NORMAL}" + elif [ ${OLD_RELEASE} -eq 1 ]; then + echo "" + echo " ===============================================================================" + echo " ${CYAN}${PROGRAM_NAME} might be outdated${NORMAL}" + echo " ===============================================================================" + echo "" + echo " ${YELLOW}Current version is more than 6 months old${NORMAL}" + echo " This version might be ${WHITE}Please check if there is a more recent version available.${NORMAL}" + echo "" + echo " ${WHITE}Please check if there is a more recent version available.${NORMAL}" + fi + if [ ${OLD_RELEASE} -eq 1 -o ${UPDATE_AVAILABLE} -eq 1 ]; then + echo "" + echo " Download locations:" + echo "" + echo " Packages (DEB/RPM) - https://packages.cisofy.com/" + echo " Website (TAR) - https://cisofy.com/downloads/" + echo " GitHub - https://github.com/CISOfy/lynis" + echo "" + echo " ===============================================================================" + echo "" + sleep 5 fi - echo " ${WHITE}Please update to the latest version.${NORMAL}" - echo " New releases include additional features, bug fixes, tests, and baselines.${NORMAL}" - echo "" - echo " Download the latest version:" - echo "" - echo " Packages (DEB/RPM) - https://packages.cisofy.com" - echo " Website (TAR) - https://cisofy.com/downloads/" - echo " GitHub (source) - https://github.com/CISOfy/lynis" - echo "" - echo " ===============================================================================" - echo "" - sleep 5 fi LogTextBreak