tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-09-23 18:07:53 +02:00
Code Issues Packages Projects Releases Wiki Activity

Changes to version check, outdated state, and how information is presented at the bottom report

Browse Source
This commit is contained in:
Michael Boelen 2025-07-31 11:12:45 +00:00
parent 76a4f4dfd8
commit 49402a07b6
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
2 changed files with 69 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
include/report
View File

@ -208,39 +208,20 @@
echo "================================================================================"
echo ""
echo " ${WHITE}Lynis security scan details${NORMAL}:"
echo ""
echo " ${CYAN}Hardening index${NORMAL} : ${WHITE}${HPINDEX}${NORMAL} ${HPGRAPH}"
echo " ${CYAN}Tests performed${NORMAL} : ${WHITE}${CTESTS_PERFORMED}${NORMAL}"
if [ ${SKIP_PLUGINS} -eq 0 ]; then
echo " ${CYAN}Plugins enabled${NORMAL} : ${WHITE}${N_PLUGIN_ENABLED}${NORMAL}"
else
echo " ${CYAN}Plugins enabled${NORMAL} : ${WHITE}Skipped${NORMAL}"
fi
echo ""
echo " ${WHITE}Components${NORMAL}:"
if [ ${FIREWALL_ACTIVE} -eq 1 ]; then FIREWALL="${GREEN}V"; else FIREWALL="${RED}X"; fi
if [ ${MALWARE_SCANNER_INSTALLED} -eq 1 ]; then MALWARE="${GREEN}V"; else MALWARE="${RED}X"; fi
if [ ${IDS_IPS_TOOL_FOUND} -eq 1 ]; then IDSIPS="${GREEN}V"; else IDSIPS="${RED}X"; fi
echo " - Firewall [${FIREWALL}${NORMAL}]"
#echo " - Integrity monitoring [${IDSIPS}${NORMAL}]"
#echo " - Intrusion software [${IDSIPS}${NORMAL}]"
echo " - Malware scanner [${MALWARE}${NORMAL}]"
echo ""
echo " ${SECTION}Scan mode${NORMAL}:"
if [ ${DEVOPS_MODE} -eq 1 ]; then
echo " Normal [ ] Forensics [ ] Integration [V] Pentest [ ]"
echo " Normal [ ] Forensics [ ] Integration [▆] Pentest [ ]"
elif [ ${FORENSICS_MODE} -eq 1 ]; then
echo " Normal [ ] Forensics [V] Integration [ ] Pentest [ ]"
echo " Normal [ ] Forensics [▆] Integration [ ] Pentest [ ]"
elif [ ${PENTESTINGMODE} -eq 1 ]; then
if [ ${PRIVILEGED} -eq 0 ]; then
echo " Normal [ ] Forensics [ ] Integration [ ] Pentest [V] (running non-privileged)"
echo " Normal [ ] Forensics [ ] Integration [ ] Pentest [▆] (running non-privileged)"
else
echo " Normal [ ] Forensics [ ] Integration [ ] Pentest [V] (running privileged)"
echo " Normal [ ] Forensics [ ] Integration [ ] Pentest [▆] (running privileged)"
fi
else
echo " Normal [V] Forensics [ ] Integration [ ] Pentest [ ]"
echo " Normal [▆] Forensics [ ] Integration [ ] Pentest [ ]"
fi
echo ""
@ -253,6 +234,26 @@
echo " - Compliance status [${COMPLIANCE}${NORMAL}]"
echo " - Security audit [${GREEN}V${NORMAL}]"
echo " - Vulnerability scan [${GREEN}V${NORMAL}]"
echo ""
echo " ${SECTION}Details${NORMAL}:"
echo " ${CYAN}Hardening index${NORMAL} : ${WHITE}${HPINDEX}${NORMAL} ${HPGRAPH}"
echo " ${CYAN}Tests performed${NORMAL} : ${WHITE}${CTESTS_PERFORMED}${NORMAL}"
if [ ${SKIP_PLUGINS} -eq 0 ]; then
echo " ${CYAN}Plugins enabled${NORMAL} : ${WHITE}${N_PLUGIN_ENABLED}${NORMAL}"
else
echo " ${CYAN}Plugins enabled${NORMAL} : ${WHITE}Skipped${NORMAL}"
fi
echo ""
echo " ${SECTION}Software components${NORMAL}:"
if [ ${FIREWALL_ACTIVE} -eq 1 ]; then FIREWALL="${GREEN}V"; else FIREWALL="${RED}X"; fi
if [ ${MALWARE_SCANNER_INSTALLED} -eq 1 ]; then MALWARE="${GREEN}V"; else MALWARE="${RED}X"; fi
if [ ${IDS_IPS_TOOL_FOUND} -eq 1 ]; then IDSIPS="${GREEN}V"; else IDSIPS="${RED}X"; fi
echo " - Firewall [${FIREWALL}${NORMAL}]"
#echo " - Integrity monitoring [${IDSIPS}${NORMAL}]"
echo " - Intrusion software [${IDSIPS}${NORMAL}]"
echo " - Malware scanner [${MALWARE}${NORMAL}]"
echo ""
echo " ${SECTION}Files${NORMAL}:"
echo " - Test and debug information : ${WHITE}${LOGFILE}${NORMAL}"
@ -264,6 +265,12 @@
echo " ${GEN_CURRENT_VERSION} : ${WHITE}${PROGRAM_AC}${NORMAL} ${GEN_LATEST_VERSION} : ${WHITE}${PROGRAM_LV}${NORMAL}"
echo "================================================================================"
else
if [ ${OLD_RELEASE} -eq 1 ]; then
echo ""
echo " ${NOTICE}Notice: ${WHITE}This version of ${PROGRAM_NAME} is older than 6 months and might be outdated. Check the project page if a newer version is available.${NORMAL}"
echo ""
echo "================================================================================"
fi
###########################################################################################
#
# Software quality program
@ -291,8 +298,8 @@
# Display what tests are skipped in non-privileged scan for awareness
if [ ${PENTESTINGMODE} -eq 1 -a ! "${SKIPPED_TESTS_ROOTONLY}" = "" ]; then
echo ""
echo " ${PURPLE}${NOTE_SKIPPED_TESTS_NON_PRIVILEGED}${NORMAL}"
echo " ${PURPLE}${NOTE_SKIPPED_TESTS_NON_PRIVILEGED}:${NORMAL}"
echo ""
FIND=$(echo ${SKIPPED_TESTS_ROOTONLY} | sed 's/ /:space:/g')
# Split entries
FIND=$(echo ${FIND} | sed 's/====/ /g')

37
lynis
View File

@ -789,45 +789,52 @@ ${NORMAL}
fi
OLD_RELEASE=0
TIME_DIFFERENCE_CHECK=10368000 # 4 months
TIME_DIFFERENCE_CHECK=15552000 # approx 6 months
RELEASE_PLUS_TIMEDIFF=$((PROGRAM_RELEASE_TIMESTAMP + TIME_DIFFERENCE_CHECK))
NOW=$(date "+%s")
if [ ${NOW} -gt ${RELEASE_PLUS_TIMEDIFF} ]; then
# Show if release is old, only if we didn't show it with normal update check
if [ ${UPDATE_AVAILABLE} -eq 0 ]; then
ReportSuggestion "LYNIS" "This release is more than 4 months old. Check the website or GitHub to see if there is an update available."
fi
OLD_RELEASE=1
fi
# Show on screen message if release is very outdated (unless --quiet/--silent is used)
if [ ${UPDATE_AVAILABLE} -eq 1 -a ${QUIET} -eq 0 ]; then
# Show on screen message if there is an update available or when the release is outdated
# Do not show any output when quiet mode is used (--quiet/--silent)
if [ ${QUIET} -eq 0 ]; then
if [ ${UPDATE_AVAILABLE} -eq 1 ]; then
echo ""
echo " ==============================================================================="
echo " ${CYAN}${PROGRAM_NAME} ${TEXT_UPDATE_AVAILABLE}${NORMAL}"
echo " ==============================================================================="
echo ""
if [ ${OLD_RELEASE} -eq 1 ]; then
echo " ${YELLOW}Current version is more than 4 months old${NORMAL}"
echo ""
fi
if [ ${PROGRAM_LV} -gt 0 ]; then
echo " Current version : ${YELLOW}${PROGRAM_AC}${NORMAL} Latest version : ${GREEN}${PROGRAM_LV}${NORMAL}"
echo ""
fi
echo " ${WHITE}Please update to the latest version.${NORMAL}"
echo " New releases include additional features, bug fixes, tests, and baselines.${NORMAL}"
echo " New releases include additional features, bug fixes, and tests.${NORMAL}"
elif [ ${OLD_RELEASE} -eq 1 ]; then
echo ""
echo " Download the latest version:"
echo " ==============================================================================="
echo " ${CYAN}${PROGRAM_NAME} might be outdated${NORMAL}"
echo " ==============================================================================="
echo ""
echo " Packages (DEB/RPM) - https://packages.cisofy.com"
echo " ${YELLOW}Current version is more than 6 months old${NORMAL}"
echo " This version might be ${WHITE}Please check if there is a more recent version available.${NORMAL}"
echo ""
echo " ${WHITE}Please check if there is a more recent version available.${NORMAL}"
fi
if [ ${OLD_RELEASE} -eq 1 -o ${UPDATE_AVAILABLE} -eq 1 ]; then
echo ""
echo " Download locations:"
echo ""
echo " Packages (DEB/RPM) - https://packages.cisofy.com/"
echo " Website (TAR) - https://cisofy.com/downloads/"
echo " GitHub (source) - https://github.com/CISOfy/lynis"
echo " GitHub - https://github.com/CISOfy/lynis"
echo ""
echo " ==============================================================================="
echo ""
sleep 5
fi
fi
LogTextBreak
#