mirror of
https://github.com/CISOfy/lynis.git
synced 2025-07-31 01:34:23 +02:00
Update tests_databases
Fix the process name for PostgreSQL. Add new path to variable FIND_PATHS. Fix variable CONFIG_FILES. Check permissions for configuration files.
parent
e859b89cec
commit
49b5398266
@ -174,7 +174,7 @@
|
|||||||
# Description : Check if PostgreSQL is being used
|
# Description : Check if PostgreSQL is being used
|
||||||
Register --test-no DBS-1826 --weight L --network NO --category security --description "Checking active PostgreSQL processes"
|
Register --test-no DBS-1826 --weight L --network NO --category security --description "Checking active PostgreSQL processes"
|
||||||
if [ ${SKIPTEST} -eq 0 ]; then
|
if [ ${SKIPTEST} -eq 0 ]; then
|
||||||
if IsRunning "postgres:"; then
|
if IsRunning "postgres"; then
|
||||||
Display --indent 2 --text "- PostgreSQL processes status" --result "${STATUS_FOUND}" --color GREEN
|
Display --indent 2 --text "- PostgreSQL processes status" --result "${STATUS_FOUND}" --color GREEN
|
||||||
LogText "Result: PostgreSQL is active"
|
LogText "Result: PostgreSQL is active"
|
||||||
POSTGRESQL_RUNNING=1
|
POSTGRESQL_RUNNING=1
|
||||||
@ -203,11 +203,17 @@
|
|||||||
|
|
||||||
Register --test-no DBS-1828 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Test PostgreSQL configuration"
|
Register --test-no DBS-1828 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Test PostgreSQL configuration"
|
||||||
if [ ${SKIPTEST} -eq 0 ]; then
|
if [ ${SKIPTEST} -eq 0 ]; then
|
||||||
FIND_PATHS="${ROOTDIR}etc/postgres ${ROOTDIR}var/lib/postgres/data"
|
FIND_PATHS="${ROOTDIR}etc/postgres ${ROOTDIR}var/lib/postgres/data ${ROOTDIR}usr/local/pgsql/data"
|
||||||
CONFIG_FILES=$(${FINDBINARY} ${FIND_PATHS} -type f -name "postgresql.conf" -print0 2> /dev/null | ${TRBINARY} -cd '[:print:]\0' | ${TRBINARY} -d '\n' | ${TRBINARY} '\0' '\n' | xargs -i sh -c 'test -r "{}" && echo "{}" | ${SEDBINARY} "s/ /:space:/g"')
|
CONFIG_FILES=$(${FINDBINARY} ${FIND_PATHS} -type f -name "postgresql.conf" -print0 2> /dev/null | ${TRBINARY} -cd '[:print:]\0' | ${TRBINARY} -d '\n' | ${TRBINARY} '\0' '\n' | xargs -i sh -c 'test -r "{}" && echo "{}"' | ${SEDBINARY} "s/ /:space:/g")
|
||||||
for CF in ${CONFIG_FILES}; do
|
for CF in ${CONFIG_FILES}; do
|
||||||
Report "postgresql_config_file[]=${CF}"
|
Report "postgresql_config_file[]=${CF}"
|
||||||
LogText "Found configuration file (${CF})"
|
LogText "Found configuration file (${CF})"
|
||||||
|
if IsWorldReadable ${CF}; then
|
||||||
|
LogText "Result: configuration file ${CF} is world readable, this might leak sensitive information!"
|
||||||
|
ReportWarning "${TEST_NO}" "PostgreSQL configuration file ${CF} is world readable and might leak sensitive details" "${CF}" "Use chmod 600 to change file permissions"
|
||||||
|
else
|
||||||
|
LogText "Result: great, configuration file ${CF} is not world readable"
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
#
|
#
|
||||||
|
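Review bot: On the new `CONFIG_FILES=` line, each path found by find is still substituted into the `sh -c` script text through `{}`, so quotes, `$` or backticks in a directory name under `FIND_PATHS` are interpreted by the shell instead of being treated as data. That matters here because the scanned data directories are usually writable by the database account while the audit usually runs with higher privileges; pass the path as a positional argument instead, e.g. `xargs -I{} sh -c 'test -r "$1" && echo "$1"' sh {}`. In the added permission check, `IsWorldReadable ${CF}` is unquoted and receives the value after spaces were rewritten to `:space:`, so a configuration path containing a space presumably does not resolve and ends up in the "not world readable" branch. Restore the spaces and quote the argument before the check, e.g. `IsWorldReadable "$(echo "${CF}" | ${SEDBINARY} 's/:space:/ /g')"`. How IsWorldReadable treats a missing path is not visible on this page, so that case should be confirmed.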