[MALW-3280] Added detection of Symantic components
This commit is contained in:
parent
a331d26ea7
commit
5ccd0912cf
@ -36,6 +36,7 @@
|
|||||||
MCAFEE_SCANNER_RUNNING=0
|
MCAFEE_SCANNER_RUNNING=0
|
||||||
MALWARE_SCANNER_INSTALLED=0
|
MALWARE_SCANNER_INSTALLED=0
|
||||||
SOPHOS_SCANNER_RUNNING=0
|
SOPHOS_SCANNER_RUNNING=0
|
||||||
|
SYMANTEC_SCANNER_RUNNING=
|
||||||
#
|
#
|
||||||
#################################################################################
|
#################################################################################
|
||||||
#
|
#
|
||||||
@ -104,11 +105,10 @@
|
|||||||
IsRunning esets_daemon
|
IsRunning esets_daemon
|
||||||
if [ ${RUNNING} -eq 1 ]; then
|
if [ ${RUNNING} -eq 1 ]; then
|
||||||
FOUND=1
|
FOUND=1
|
||||||
Display --indent 2 --text "- ${GEN_CHECKING} ESET daemon" --result "${STATUS_FOUND}" --color GREEN
|
|
||||||
LogText "Result: found ESET security product"
|
|
||||||
ESET_DAEMON_RUNNING=1
|
ESET_DAEMON_RUNNING=1
|
||||||
MALWARE_SCANNER_INSTALLED=1
|
MALWARE_SCANNER_INSTALLED=1
|
||||||
AddHP 2 2
|
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} ESET daemon" --result "${STATUS_FOUND}" --color GREEN; fi
|
||||||
|
LogText "Result: found ESET security product"
|
||||||
Report "malware_scanner[]=eset"
|
Report "malware_scanner[]=eset"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -117,11 +117,10 @@
|
|||||||
IsRunning bdagentd
|
IsRunning bdagentd
|
||||||
if [ ${RUNNING} -eq 1 ]; then
|
if [ ${RUNNING} -eq 1 ]; then
|
||||||
FOUND=1
|
FOUND=1
|
||||||
Display --indent 2 --text "- ${GEN_CHECKING} Bitdefender agent" --result "${STATUS_FOUND}" --color GREEN
|
|
||||||
LogText "Result: found Bitdefender security product"
|
|
||||||
BITDEFENDER_DAEMON_RUNNING=1
|
BITDEFENDER_DAEMON_RUNNING=1
|
||||||
MALWARE_SCANNER_INSTALLED=1
|
MALWARE_SCANNER_INSTALLED=1
|
||||||
AddHP 2 2
|
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Bitdefender agent" --result "${STATUS_FOUND}" --color GREEN; fi
|
||||||
|
LogText "Result: found Bitdefender security product"
|
||||||
Report "malware_scanner[]=bitdefender"
|
Report "malware_scanner[]=bitdefender"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -130,11 +129,10 @@
|
|||||||
IsRunning com.avast.daemon
|
IsRunning com.avast.daemon
|
||||||
if [ ${RUNNING} -eq 1 ]; then
|
if [ ${RUNNING} -eq 1 ]; then
|
||||||
FOUND=1
|
FOUND=1
|
||||||
Display --indent 2 --text "- ${GEN_CHECKING} Avast daemon" --result "${STATUS_FOUND}" --color GREEN
|
|
||||||
LogText "Result: found Avast security product"
|
|
||||||
AVAST_DAEMON_RUNNING=1
|
AVAST_DAEMON_RUNNING=1
|
||||||
MALWARE_SCANNER_INSTALLED=1
|
MALWARE_SCANNER_INSTALLED=1
|
||||||
AddHP 2 2
|
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Avast daemon" --result "${STATUS_FOUND}" --color GREEN; fi
|
||||||
|
LogText "Result: found Avast security product"
|
||||||
Report "malware_scanner[]=avast"
|
Report "malware_scanner[]=avast"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -143,11 +141,10 @@
|
|||||||
IsRunning avqmd
|
IsRunning avqmd
|
||||||
if [ ${RUNNING} -eq 1 ]; then
|
if [ ${RUNNING} -eq 1 ]; then
|
||||||
FOUND=1
|
FOUND=1
|
||||||
Display --indent 2 --text "- ${GEN_CHECKING} Avira daemon" --result "${STATUS_FOUND}" --color GREEN
|
|
||||||
LogText "Result: found Avira security product"
|
|
||||||
AVIRA_DAEMON_RUNNING=1
|
AVIRA_DAEMON_RUNNING=1
|
||||||
MALWARE_SCANNER_INSTALLED=1
|
MALWARE_SCANNER_INSTALLED=1
|
||||||
AddHP 2 2
|
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Avira daemon" --result "${STATUS_FOUND}" --color GREEN; fi
|
||||||
|
LogText "Result: found Avira security product"
|
||||||
Report "malware_scanner[]=avira"
|
Report "malware_scanner[]=avira"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -156,11 +153,10 @@
|
|||||||
IsRunning CylanceSvc
|
IsRunning CylanceSvc
|
||||||
if [ ${RUNNING} -eq 1 ]; then
|
if [ ${RUNNING} -eq 1 ]; then
|
||||||
FOUND=1
|
FOUND=1
|
||||||
Display --indent 2 --text "- ${GEN_CHECKING} CylancePROTECT" --result "${STATUS_FOUND}" --color GREEN
|
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} CylancePROTECT" --result "${STATUS_FOUND}" --color GREEN; fi
|
||||||
LogText "Result: found CylancePROTECT service"
|
LogText "Result: found CylancePROTECT service"
|
||||||
AVAST_DAEMON_RUNNING=1
|
AVAST_DAEMON_RUNNING=1
|
||||||
MALWARE_SCANNER_INSTALLED=1
|
MALWARE_SCANNER_INSTALLED=1
|
||||||
AddHP 2 2
|
|
||||||
Report "malware_scanner[]=cylance-protect"
|
Report "malware_scanner[]=cylance-protect"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -176,13 +172,12 @@
|
|||||||
fi
|
fi
|
||||||
if [ ${MCAFEE_SCANNER_RUNNING} -eq 1 ]; then
|
if [ ${MCAFEE_SCANNER_RUNNING} -eq 1 ]; then
|
||||||
FOUND=1
|
FOUND=1
|
||||||
Display --indent 2 --text "- ${GEN_CHECKING} McAfee" --result "${STATUS_FOUND}" --color GREEN
|
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} McAfee" --result "${STATUS_FOUND}" --color GREEN; fi
|
||||||
LogText "Result: Found McAfee"
|
LogText "Result: Found McAfee"
|
||||||
MALWARE_SCANNER_INSTALLED=1
|
MALWARE_SCANNER_INSTALLED=1
|
||||||
AddHP 2 2
|
|
||||||
Report "malware_scanner[]=mcafee"
|
Report "malware_scanner[]=mcafee"
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Sophos savscand/SophosScanD
|
# Sophos savscand/SophosScanD
|
||||||
LogText "Test: checking process savscand"
|
LogText "Test: checking process savscand"
|
||||||
IsRunning savscand
|
IsRunning savscand
|
||||||
@ -197,29 +192,53 @@
|
|||||||
SOPHOS_SCANNER_RUNNING=1
|
SOPHOS_SCANNER_RUNNING=1
|
||||||
fi
|
fi
|
||||||
if [ ${SOPHOS_SCANNER_RUNNING} -eq 1 ]; then
|
if [ ${SOPHOS_SCANNER_RUNNING} -eq 1 ]; then
|
||||||
Display --indent 2 --text "- ${GEN_CHECKING} Sophos" --result "${STATUS_FOUND}" --color GREEN
|
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Sophos" --result "${STATUS_FOUND}" --color GREEN; fi
|
||||||
LogText "Result: Found Sophos"
|
LogText "Result: Found Sophos"
|
||||||
MALWARE_SCANNER_INSTALLED=1
|
MALWARE_SCANNER_INSTALLED=1
|
||||||
AddHP 2 2
|
|
||||||
Report "malware_scanner[]=sophos"
|
Report "malware_scanner[]=sophos"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Symantec rtvscand/smcd/symcfgd
|
||||||
|
LogText "Test: checking process rtvscand"
|
||||||
|
IsRunning rtvscand
|
||||||
|
if [ ${RUNNING} -eq 1 ]; then
|
||||||
|
SYMANTEC_SCANNER_RUNNING=1
|
||||||
|
fi
|
||||||
|
LogText "Test: checking process Symantec management client service"
|
||||||
|
IsRunning smcd
|
||||||
|
if [ ${RUNNING} -eq 1 ]; then
|
||||||
|
SYMANTEC_SCANNER_RUNNING=1
|
||||||
|
fi
|
||||||
|
LogText "Test: checking process Symantec Endpoint Protection configuration service"
|
||||||
|
IsRunning symcfgd
|
||||||
|
if [ ${RUNNING} -eq 1 ]; then
|
||||||
|
SYMANTEC_SCANNER_RUNNING=1
|
||||||
|
fi
|
||||||
|
if [ ${SYMANTEC_SCANNER_RUNNING} -eq 1 ]; then
|
||||||
|
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Symantec" --result "${STATUS_FOUND}" --color GREEN; fi
|
||||||
|
LogText "Result: found one or more Symantec components"
|
||||||
|
MALWARE_SCANNER_INSTALLED=1
|
||||||
|
FOUND=1
|
||||||
|
Report "malware_scanner[]=symantec"
|
||||||
|
fi
|
||||||
|
|
||||||
# TrendMicro (macOS)
|
# TrendMicro (macOS)
|
||||||
LogText "Test: checking process TmccMac to test for Trend Micro anti-virus (macOS)"
|
LogText "Test: checking process TmccMac to test for Trend Micro anti-virus (macOS)"
|
||||||
IsRunning TmccMac
|
IsRunning TmccMac
|
||||||
if [ ${RUNNING} -eq 1 ]; then
|
if [ ${RUNNING} -eq 1 ]; then
|
||||||
|
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Trend Micro anti-virus" --result "${STATUS_FOUND}" --color GREEN; fi
|
||||||
|
LogText "Result: found Trend Micro component"
|
||||||
FOUND=1
|
FOUND=1
|
||||||
Display --indent 2 --text "- ${GEN_CHECKING} Trend Micro anti-virus" --result "${STATUS_FOUND}" --color GREEN
|
|
||||||
LogText "Result: found Trend Micro"
|
|
||||||
AVAST_DAEMON_RUNNING=1
|
|
||||||
MALWARE_SCANNER_INSTALLED=1
|
MALWARE_SCANNER_INSTALLED=1
|
||||||
AddHP 2 2
|
|
||||||
Report "malware_scanner[]=trend-micro-av"
|
Report "malware_scanner[]=trend-micro-av"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ ${FOUND} -eq 0 ]; then
|
if [ ${FOUND} -eq 0 ]; then
|
||||||
LogText "Result: no commercial anti-virus tools found"
|
LogText "Result: no commercial anti-virus tools found"
|
||||||
AddHP 0 3
|
AddHP 0 3
|
||||||
|
else
|
||||||
|
LogText "Result: found one or more commercial anti-virus tools"
|
||||||
|
AddHP 2 2
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
#
|
#
|
||||||
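Review bot: `SYMANTEC_SCANNER_RUNNING=` in the first hunk is initialised to an empty string rather than `0` like the neighbouring `MCAFEE_SCANNER_RUNNING=0` and `SOPHOS_SCANNER_RUNNING=0`, so on a host with no Symantec process the unquoted test in the last hunk expands to `[ -eq 1 ]`, which is a test(1) usage error (non-zero status plus a message on stderr) rather than a clean false; unless this is a rendering artifact the line should read `SYMANTEC_SCANNER_RUNNING=0`. The last hunk also removes the misattributed `AVAST_DAEMON_RUNNING=1` from the Trend Micro branch, but the CylancePROTECT branch in the `@ -156` hunk still sets `AVAST_DAEMON_RUNNING=1` on detection, which looks like the same copy-paste and makes the Avast flag report true on Cylance hosts. Consolidating the per-product `AddHP 2 2` into the final `else` branch ties scoring to `FOUND`, yet the Sophos block visible here sets `MALWARE_SCANNER_INSTALLED=1` without `FOUND=1`, so if nothing in the lines between the hunks sets it, a Sophos-only host would now receive `AddHP 0 3` — worth confirming. The closing `fi` at the end of the last hunk belongs to an enclosing block that starts outside the hunk.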
|