From 4f5eedabfcc6eb015ef0c184e6ec829cc0cf7867 Mon Sep 17 00:00:00 2001
From: mboelen
Date: Thu, 24 Sep 2015 16:45:03 +0200
Subject: [PATCH] Added the detection of LMD, or Linux Malware Detect tooling

---
 include/binaries | 1 +
 include/consts | 2 ++
 include/tests_malware | 22 +++++++++++++++++-----
 3 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/include/binaries b/include/binaries
index a6af374b..3329d25e 100644
--- a/include/binaries
+++ b/include/binaries
@@ -124,6 +124,7 @@
 kldstat) KLDSTATFOUND=1; KLDSTATBINARY="${BINARY}"; logtext " Found known binary: kldstat (kernel modules) - ${BINARY}" ;;
 kstat) KSTATFOUND=1; KSTATBINARY="${BINARY}"; logtext " Found known binary: kstat (kernel statistics) - ${BINARY}" ;;
 launchctl) LAUNCHCTLBINARY="${BINARY}"; SERVICE_MANAGER="launchd"; logtext " Found known binary: launchctl (launchd client) - ${BINARY}" ;;
+ lmd) LMDFOUND=1; LMDBINARY="${BINARY}"; MALWARE_SCANNER_INSTALLED=1; logtext " Found known binary: lmd (malware scanner) - ${BINARY}" ;;
 locate) LOCATEFOUND=1; LOCATEBINARY="${BINARY}"; logtext " Found known binary: locate (file database) - ${BINARY}" ;;
 logrotate) LOGROTATEFOUND=1; LOGROTATEBINARY="${BINARY}"; logtext " Found known binary: logrotate (log rotation tool) - ${BINARY}" ;;
 ls) LSFOUND=1; LSBINARY="${BINARY}"; logtext " Found known binary: ls (file listing) - ${BINARY}" ;;
diff --git a/include/consts b/include/consts
index 0295df72..a7f2386c 100644
--- a/include/consts
+++ b/include/consts
@@ -71,6 +71,8 @@ unset LANG
 IPTABLESBINARY=""
 LINUX_VERSION=""
 LINUXCONFIGFILE=""
+ LMDBINARY=""
+ LMDFOUND=0
 LOGFILE=""
 LYNIS_COMPLIANCE_TESTS=0
 MACHINEID=""
diff --git a/include/tests_malware b/include/tests_malware
index 75517156..5903826b 100644
--- a/include/tests_malware
+++ b/include/tests_malware
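Review bot: The new case arm in include/binaries keys on a binary literally named `lmd`, but as far as I know Linux Malware Detect installs its executable as `maldet` (LMD is only the project's abbreviation), so on a host that actually has the tool this arm presumably never matches and `LMDBINARY` stays empty; the arm should read `maldet) LMDFOUND=1; LMDBINARY="${BINARY}"; logtext " Found known binary: maldet (malware scanner) - ${BINARY}" ;;`. Setting `MALWARE_SCANNER_INSTALLED=1` here as well duplicates the assignment the new MALW-3278 test makes in include/tests_malware, which means the report will claim a scanner is installed even when that test is skipped; keeping the assignment in the test alone makes the report follow the test result. The enclosing `case` statement of the binaries scan starts and ends outside this hunk.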
@@ -62,6 +62,23 @@
 fi
 #
 #################################################################################
+#
+ # Test : MALW-3278
+ # Description : Check for installed tool (Linux Malware Detect or LMD)
+ Register --test-no MALW-3278 --weight L --network NO --description "Check for LMD"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: checking presence LMD"
+ if [ ! "${LMDBINARY}" = "" ]; then
+ Display --indent 2 --text "- Checking LMD (Linux Malware Detect)" --result "FOUND" --color GREEN
+ logtext "Result: Found ${LMDBINARY}"
+ MALWARE_SCANNER_INSTALLED=1
+ AddHP 2 2
+ else
+ logtext "Result: LMD not found"
+ fi
+ fi
+#
+#################################################################################
 #
 # Test : MALW-3280
 # Description : Check if an anti-virus tool is installed
@@ -184,11 +201,6 @@
 fi
 #
 #################################################################################
-#
- # Test : MALW-3204
- # Description : Check for LMD
-#
-#################################################################################
 #
 report "malware_scanner_installed=${MALWARE_SCANNER_INSTALLED}"
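Review bot: The not-found branch of MALW-3278 only writes to the log, so a run where LMD is absent shows nothing on screen for this test while the found case prints a result line; if the other malware tests in this file report a negative outcome, the `else` branch should mirror it with `Display --indent 2 --text "- Checking LMD (Linux Malware Detect)" --result "NOT FOUND" --color WHITE` before the `logtext "Result: LMD not found"`. The test decides on `[ ! "${LMDBINARY}" = "" ]` while include/binaries also maintains `LMDFOUND`; picking one of the two (for example `if [ ${LMDFOUND} -eq 1 ]; then`) avoids the two indicators drifting apart, and the `LMDFOUND` constant added in include/consts is otherwise never read in this patch. The `fi` on the hunk's first context line closes a test block that starts outside the hunk.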