tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-26 23:34:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Tests using lsof may ignore threads (if supported)

Browse Source
This commit is contained in:
Michael Boelen 2019-09-13 11:47:39 +02:00
parent 7d33353058
commit 5c38a0bdb4
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
5 changed files with 17 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
include/binaries
View File

@ -189,7 +189,15 @@
lsattr) LSATTRBINARY="${BINARY}"; LogText " Found known binary: lsattr (file attributes) - ${BINARY}" ;; lsattr) LSATTRBINARY="${BINARY}"; LogText " Found known binary: lsattr (file attributes) - ${BINARY}" ;;
lsblk) LSBLKBINARY="${BINARY}"; LogText " Found known binary: lsblk (block devices) - ${BINARY}" ;; lsblk) LSBLKBINARY="${BINARY}"; LogText " Found known binary: lsblk (block devices) - ${BINARY}" ;;
lsmod) LSMODBINARY="${BINARY}"; LogText " Found known binary: lsmod (kernel modules) - ${BINARY}" ;; lsmod) LSMODBINARY="${BINARY}"; LogText " Found known binary: lsmod (kernel modules) - ${BINARY}" ;;
lsof) LSOFBINARY="${BINARY}"; LogText " Found known binary: lsof (open files) - ${BINARY}" ;; lsof)
LSOFBINARY="${BINARY}"
LogText " Found known binary: lsof (open files) - ${BINARY}"
DATA=$(${LSOFBINARY} -h 2>&1 | grep "\-K \[i\] list\|\(i\)gn tasKs")
if [ $? -eq 0 ]; then
LogText "Note: added -K i to ignore tasks on Linux"
LSOF_EXTRA_OPTIONS=" -K i"
fi
;;
lsvg) LSVGBINARY=${BINARY}; LogText " Found known binary: lsvg (volume manager) - ${BINARY}" ;; lsvg) LSVGBINARY=${BINARY}; LogText " Found known binary: lsvg (volume manager) - ${BINARY}" ;;
lvdisplay) LVDISPLAYBINARY="${BINARY}"; LogText " Found known binary: lvdisplay (LVM tool) - ${BINARY}" ;; lvdisplay) LVDISPLAYBINARY="${BINARY}"; LogText " Found known binary: lvdisplay (LVM tool) - ${BINARY}" ;;
lynx) LYNXBINARY="${BINARY}"; LYNXVERSION=$(${BINARY} -version | grep "^Lynx Version" | cut -d ' ' -f3); LogText "Found known binary: lynx (browser) - ${BINARY} (version ${LYNXVERSION})" ;; lynx) LYNXBINARY="${BINARY}"; LYNXVERSION=$(${BINARY} -version | grep "^Lynx Version" | cut -d ' ' -f3); LogText "Found known binary: lynx (browser) - ${BINARY} (version ${LYNXVERSION})" ;;

2
include/consts
View File

@ -150,6 +150,8 @@ unset LANG
LOGDIR="" LOGDIR=""
LOGTEXT=1 LOGTEXT=1
LSMODBINARY="" LSMODBINARY=""
LSOFBINARY=""
LSOF_EXTRA_OPTIONS=""
LSVGBINARY="" LSVGBINARY=""
LYNIS_CRONJOB="" LYNIS_CRONJOB=""
MACHINEID="" MACHINEID=""

2
include/functions
View File

@ -2336,7 +2336,7 @@
else else
if [ $# -eq 2 ] && [ $1 = "TCP" -o $1 = "UDP" ]; then if [ $# -eq 2 ] && [ $1 = "TCP" -o $1 = "UDP" ]; then
LogText "Test: find service listening on $1:$2" LogText "Test: find service listening on $1:$2"
if [ $1 = "TCP" ]; then FIND=$(${LSOFBINARY} -i${1} -s${1}:LISTEN -P -n | grep ":${2} "); else FIND=$(${LSOFBINARY} -i${1} -P -n | grep ":${2} "); fi if [ $1 = "TCP" ]; then FIND=$(${LSOFBINARY}${LSOF_EXTRA_OPTIONS} -i${1} -s${1}:LISTEN -P -n | grep ":${2} "); else FIND=$(${LSOFBINARY}${LSOF_EXTRA_OPTIONS} -i${1} -P -n | grep ":${2} "); fi
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
LogText "Result: found service listening on port $2 ($1)" LogText "Result: found service listening on port $2 ($1)"
return 0 return 0

8
include/tests_logging
View File

@ -510,7 +510,7 @@
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: checking open log files with lsof" LogText "Test: checking open log files with lsof"
if [ -n "${LSOFBINARY}" ]; then if [ -n "${LSOFBINARY}" ]; then
FIND=$(${LSOFBINARY} -n 2>&1 | ${GREPBINARY} "log$" | ${EGREPBINARY} -v "WARNING|Output information" | ${AWKBINARY} '{ if ($5=="REG") { print $9 } }' | ${SORTBINARY} -u | ${GREPBINARY} -v "^$") FIND=$(${LSOFBINARY}${LSOF_EXTRA_OPTIONS} -n 2>&1 | ${GREPBINARY} "log$" | ${EGREPBINARY} -v "WARNING|Output information" | ${AWKBINARY} '{ if ($5=="REG") { print $9 } }' | ${SORTBINARY} -u | ${GREPBINARY} -v "^$")
for I in ${FIND}; do for I in ${FIND}; do
LogText "Found logfile: ${I}" LogText "Found logfile: ${I}"
done done
@ -548,7 +548,7 @@
LSOF_GREP="${LSOF_GREP}|anacron|awk|run-parts" LSOF_GREP="${LSOF_GREP}|anacron|awk|run-parts"
fi fi
FIND=$(${LSOFBINARY} -n +L 1 2>&1 | ${EGREPBINARY} -vw "${LSOF_GREP}" | ${EGREPBINARY} -v '/dev/zero|/\[aio\]' | ${AWKBINARY} '{ if ($5=="REG") { printf "%s(%s)\n", $10, $1 } }' | ${GREPBINARY} -v "^$" | ${SORTBINARY} -u) FIND=$(${LSOFBINARY}${LSOF_EXTRA_OPTIONS} -n +L 1 2>&1 | ${EGREPBINARY} -vw "${LSOF_GREP}" | ${EGREPBINARY} -v '/dev/zero|/\[aio\]' | ${AWKBINARY} '{ if ($5=="REG") { printf "%s(%s)\n", $10, $1 } }' | ${GREPBINARY} -v "^$" | ${SORTBINARY} -u)
if [ -n "${FIND}" ]; then if [ -n "${FIND}" ]; then
LogText "Result: found one or more files which are deleted, but still in use" LogText "Result: found one or more files which are deleted, but still in use"
for I in ${FIND}; do for I in ${FIND}; do
@ -567,10 +567,10 @@
# #
# Test : LOGG-2192 # Test : LOGG-2192
# Description : Check for open log files which are empty. This may indicate a problem with log rotation, or unused services # Description : Check for open log files which are empty. This may indicate a problem with log rotation, or unused services
if [ ! "${LSOFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -n "${LSOFBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no LOGG-2192 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking for open log files that are empty" Register --test-no LOGG-2192 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking for open log files that are empty"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND=$(${LSOFBINARY} -n -w | ${AWKBINARY} '{if ($5=="REG" && $7=="0" && $9 ~ /log$/) {print $1","$9}}' | ${SORTBINARY} | uniq) FIND=$(${LSOFBINARY}${LSOF_EXTRA_OPTIONS} -n -w | ${AWKBINARY} '{if ($5=="REG" && $7=="0" && $9 ~ /log$/) {print $1","$9}}' | ${SORTBINARY} | uniq)
if [ -n "${FIND}" ]; then if [ -n "${FIND}" ]; then
for I in ${FIND}; do for I in ${FIND}; do
LogText "Found an opened logfile that is empty: ${I}" LogText "Found an opened logfile that is empty: ${I}"

2
include/tests_networking
View File

@ -402,7 +402,7 @@
if [ -n "${LSOFBINARY}" ]; then if [ -n "${LSOFBINARY}" ]; then
LogText "Test: Retrieving lsof information to find listening ports" LogText "Test: Retrieving lsof information to find listening ports"
# UDP and TCP combined # UDP and TCP combined
FIND=$(${LSOFBINARY} -i -P | ${AWKBINARY} '{ print $9"|"$8"|"$1"|" }' | ${SEDBINARY} 's/\(.*\)\-\>.*\(\|.*\)/\1\2/' | ${SEDBINARY} 's/\*/'$IP'/' | ${SORTBINARY} -u | ${GREPBINARY} -v "NAME") FIND=$(${LSOFBINARY}${LSOF_EXTRA_OPTIONS} -i -P | ${AWKBINARY} '{ print $9"|"$8"|"$1"|" }' | ${SEDBINARY} 's/\(.*\)\-\>.*\(\|.*\)/\1\2/' | ${SEDBINARY} 's/\*/'$IP'/' | ${SORTBINARY} -u | ${GREPBINARY} -v "NAME")
else else
FIND="" FIND=""
fi fi