tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-04-08 17:15:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Test for built-in security measures in YUM [PKGS-7386]

Browse Source
This commit is contained in:
mboelen 2014-10-13 20:36:09 +02:00
parent 34b177547f
commit 5e840367ca
1 changed files with 31 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
include/tests_ports_packages
View File

@ -590,22 +590,39 @@
DO_TEST=0
logtext "Test: Determining if yum-security package installed"
FileExists /etc/yum/pluginconf.d/security.conf
if [ ${FILE_FOUND} -eq 1 ]; then
SearchItem "^enabled=1$" "/etc/yum/pluginconf.d/security.conf"
if [ ${ITEM_FOUND} -eq 1 ]; then
DO_TEST=1
fi
else
# Check if it's installed as package (this is old style)
FIND=`rpm -q yum-security yum-plugin-security | grep -v "not installed"`
if [ ! "${FIND}" = "" ]; then
logtext "Result: found yum-plugin-security package"
DO_TEST=1
fi
# Check for built-in --security option
if [ ${DO_TEST} -eq 0 ]; then
FileExists /usr/share/yum-cli/cly.py
if [ ${FILE_FOUND} -eq 1 ]; then
SearchItem "--security" "/usr/share/yum-cli/cly.py"
if [ ${ITEM_FOUND} -eq 1 ]; then
DO_TEST=1
logtext "Result: found built-in security in yum"
fi
fi
fi
# If we have the module of yum active, continue.
if [ ${DO_TEST} -eq 0 ]; then
FileExists /etc/yum/pluginconf.d/security.conf
if [ ${FILE_FOUND} -eq 1 ]; then
SearchItem "^enabled=1$" "/etc/yum/pluginconf.d/security.conf"
if [ ${ITEM_FOUND} -eq 1 ]; then
DO_TEST=1
logtext "Result: Found enabled plugin"
fi
fi
fi
# Check if it's installed as package (this is old style)
if [ ${DO_TEST} -eq 0 ]; then
FIND=`rpm -q yum-security yum-plugin-security | grep -v "not installed"`
if [ ! "${FIND}" = "" ]; then
logtext "Result: found yum-plugin-security package"
DO_TEST=1
fi
fi
# If we have the module of yum active, continue testing
if [ ${DO_TEST} -eq 1 ]; then
PKG_AUDIT_TOOL_FOUND=1
PKG_AUDIT_TOOL="yum-security"