tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-31 01:34:23 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update tests_databases

Browse Source 
Fix the process name for PostgreSQL
Add new path to variable FIND_PATHS
Fix variable CONFIG_FILES
Check permissions for configuration files
This commit is contained in:
teoberi 2021-01-03 12:02:38 +02:00 committed by GitHub
parent e859b89cec
commit 49b5398266
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
include/tests_databases
View File

@ -174,7 +174,7 @@
# Description : Check if PostgreSQL is being used # Description : Check if PostgreSQL is being used
Register --test-no DBS-1826 --weight L --network NO --category security --description "Checking active PostgreSQL processes" Register --test-no DBS-1826 --weight L --network NO --category security --description "Checking active PostgreSQL processes"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if IsRunning "postgres:"; then if IsRunning "postgres"; then
Display --indent 2 --text "- PostgreSQL processes status" --result "${STATUS_FOUND}" --color GREEN Display --indent 2 --text "- PostgreSQL processes status" --result "${STATUS_FOUND}" --color GREEN
LogText "Result: PostgreSQL is active" LogText "Result: PostgreSQL is active"
POSTGRESQL_RUNNING=1 POSTGRESQL_RUNNING=1
@ -203,11 +203,17 @@
Register --test-no DBS-1828 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Test PostgreSQL configuration" Register --test-no DBS-1828 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Test PostgreSQL configuration"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND_PATHS="${ROOTDIR}etc/postgres ${ROOTDIR}var/lib/postgres/data" FIND_PATHS="${ROOTDIR}etc/postgres ${ROOTDIR}var/lib/postgres/data ${ROOTDIR}usr/local/pgsql/data"
CONFIG_FILES=$(${FINDBINARY} ${FIND_PATHS} -type f -name "postgresql.conf" -print0 2> /dev/null | ${TRBINARY} -cd '[:print:]\0' | ${TRBINARY} -d '\n' | ${TRBINARY} '\0' '\n' | xargs -i sh -c 'test -r "{}" && echo "{}" | ${SEDBINARY} "s/ /:space:/g"') CONFIG_FILES=$(${FINDBINARY} ${FIND_PATHS} -type f -name "postgresql.conf" -print0 2> /dev/null | ${TRBINARY} -cd '[:print:]\0' | ${TRBINARY} -d '\n' | ${TRBINARY} '\0' '\n' | xargs -i sh -c 'test -r "{}" && echo "{}"' | ${SEDBINARY} "s/ /:space:/g")
for CF in ${CONFIG_FILES}; do for CF in ${CONFIG_FILES}; do
Report "postgresql_config_file[]=${CF}" Report "postgresql_config_file[]=${CF}"
LogText "Found configuration file (${CF})" LogText "Found configuration file (${CF})"
if IsWorldReadable ${CF}; then
LogText "Result: configuration file ${CF} is world readable, this might leak sensitive information!"
ReportWarning "${TEST_NO}" "PostgreSQL configuration file ${CF} is world readable and might leak sensitive details" "${CF}" "Use chmod 600 to change file permissions"
else
LogText "Result: great, configuration file ${CF} is not world readable"
fi
done done
fi fi
# #