Improve process detection

Michael Boelen 2017-09-16 14:08:26 +02:00
parent ccf9db18f8
commit 499f7d5015
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
3 changed files with 15 additions and 9 deletions


@ -173,7 +173,7 @@
lsattr) LSATTRFOUND=1; LSATTRBINARY="${BINARY}"; LogText " Found known binary: lsattr (file attributes) - ${BINARY}" ;;
lsmod) LSMODFOUND=1; LSMODBINARY="${BINARY}"; LogText " Found known binary: lsmod (kernel modules) - ${BINARY}" ;;
lsof) LSOFFOUND=1; LSOFBINARY="${BINARY}"; LogText " Found known binary: lsof (open files) - ${BINARY}" ;;
lynx) LYNXFOUND=1; LYNXBINARY="${BINARY}"; LYNXVERSION=$(${BINARY} -version | grep "^Lynx Version" | cut -d ' ' -f3); LogText "Found known binary: lynx (browser) - ${BINARY} (version ${LYNXVERSION})" ;;
lynx) LYNXFOUND=1; LYNXBINARY="${BINARY}"; LYNXVERSION=$(${BINARY} -version | grep "^Lynx Version" | cut -d ' ' -f3); LogText "Found known binary: lynx (browser) - ${BINARY} (version ${LYNXVERSION})" ;;
maldet) LMDFOUND=1; LMDBINARY="${BINARY}"; MALWARE_SCANNER_INSTALLED=1; LogText " Found known binary: maldet (Linux Malware Detect, malware scanner) - ${BINARY}" ;;
md5) MD5FOUND=1; MD5BINARY="${BINARY}"; LogText " Found known binary: md5 (hash tool) - ${BINARY}" ;;
md5sum) MD5FOUND=1; MD5BINARY="${BINARY}"; LogText " Found known binary: md5sum (hash tool) - ${BINARY}" ;;
@ -185,13 +185,13 @@
mysql) MYSQLCLIENTFOUND=1; MYSQLCLIENTBINARY="${BINARY}"; MYSQLCLIENTVERSION=$(${BINARY} -V | awk '{ if ($4=="Distrib") { print $5 }}' | sed 's/,//g') ; LogText "Found ${BINARY} (version: ${MYSQLCLIENTVERSION})" ;;
netstat) NETSTATFOUND=1; NETSTATBINARY="${BINARY}"; LogText " Found known binary: netstat (network statistics) - ${BINARY}" ;;
nft) NFTFOUND=1; NFTBINARY="${BINARY}"; LogText " Found known binary: nft (nftables client) - ${BINARY}" ;;
nmap) NMAPFOUND=1; NMAPBINARY="${BINARY}"; NMAPVERSION=$(${BINARY} -V | grep "^Nmap version" | awk '{ print $3 }'); LogText "Found ${BINARY} (version ${NMAPVERSION})" ;;
nmap) NMAPFOUND=1; NMAPBINARY="${BINARY}"; NMAPVERSION=$(${BINARY} -V | grep "^Nmap version" | awk '{ print $3 }'); LogText "Found ${BINARY} (version ${NMAPVERSION})" ;;
ntpq) NTPQFOUND=1; NTPQBINARY="${BINARY}"; LogText " Found known binary ntpq (time daemon client) - ${BINARY}" ;;
osiris) OSIRISFOUND=1; OSIRISBINARY="${BINARY}"; LogText " Found known binary: osiris - ${BINARY}" ;;
openssl) OPENSSLFOUND=1; OPENSSLBINARY="${BINARY}"; OPENSSLVERSION=$(${BINARY} version 2> /dev/null | head -n 1 | awk '{ print $2 }' | xargs); LogText "Found ${BINARY} (version ${OPENSSLVERSION})" ;;
openssl) OPENSSLFOUND=1; OPENSSLBINARY="${BINARY}"; OPENSSLVERSION=$(${BINARY} version 2> /dev/null | head -n 1 | awk '{ print $2 }' | xargs); LogText "Found ${BINARY} (version ${OPENSSLVERSION})" ;;
pacman) PACMANFOUND=1; PACMANBINARY="${BINARY}"; LogText " Found known binary: pacman (package manager) - ${BINARY}" ;;
perl) PERLFOUND=1; PERLBINARY="${BINARY}"; PERLVERSION=$(${BINARY} -V:version | sed 's/^version=//' | sed 's/;//' | xargs); LogText "Found ${BINARY} (version ${PERLVERSION})" ;;
pgrep) PGREPBINARY=${BINARY}; LogText " Found known binary: pgrep (search in process list) - ${BINARY}" ;;
perl) PERLFOUND=1; PERLBINARY="${BINARY}"; PERLVERSION=$(${BINARY} -V:version | sed 's/^version=//' | sed 's/;//' | xargs); LogText "Found ${BINARY} (version ${PERLVERSION})" ;;
pgrep) PGREPBINARY="${BINARY}"; LogText " Found known binary: pgrep (search in process list) - ${BINARY}" ;;
php) PHPFOUND=1; PHPBINARY="${BINARY}"; PHPVERSION=$(${BINARY} -v | awk '{ if ($1=="PHP") { print $2 }}' | head -1); LogText "Found known binary: php (programming language interpreter) - ${BINARY} (version ${PHPVERSION})" ;;
pkg)
PKG_BINARY="${BINARY}"
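Review bot: The version probes on the re-indented arms (nmap, openssl and perl in this hunk, lynx in the one above) still execute `${BINARY}` unquoted, while the only quoting the commit adds is on `PGREPBINARY="${BINARY}"`, an assignment where no word splitting happens anyway. In command position the unquoted expansion is split and globbed, so a path containing whitespace or glob characters would run a different word than the one written to the log, which matters for an auditing script that may run with elevated privileges. I would quote the command word in each probe, e.g. `NMAPVERSION=$("${BINARY}" -V | grep "^Nmap version" | awk '{ print $3 }')`. The enclosing case statement starts and ends outside the hunk, so how BINARY is populated cannot be checked from here.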


@ -195,6 +195,7 @@ unset LANG
PAM_PASSWORD_UXHISTORY_ENABLED=0
PFCTLBINARY=""
PFFOUND=0
PGREPBINARY=""
PIDFILE=""
PKG_BINARY=""
PKGADMINBINARY=""


@ -1245,10 +1245,15 @@
IsRunning() {
if [ $# -eq 0 ]; then ExitFatal "Missing parameter when calling IsRunning function"; fi
RUNNING=0
PSOPTIONS=" -o args="
if [ ${SHELL_IS_BUSYBOX} -eq 0 ]; then PSOPTIONS=" -o args= -C $1"; fi
FIND=$(${PSBINARY} ${PSOPTIONS} | egrep "( |/)$1" | grep -v "grep")
if [ ! "${FIND}" = "" ]; then
if [ ! -z "${PGREPBINARY}" ]; then
FIND=$(${PGREPBINARY} -x $1)
else
PSOPTIONS=" -o args="
if [ ${SHELL_IS_BUSYBOX} -eq 0 ]; then PSOPTIONS=" -o args= -C $1"; fi
FIND=$(${PSBINARY} ${PSOPTIONS} | egrep "( |/)$1" | grep -v "grep")
fi
if [ ! -z "${FIND}" ]; then
RUNNING=1
LogText "IsRunning: process '$1' found (${FIND})"
return 0