tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[DBS-1820] added newer style format for Mongo authorization setting

This commit is contained in:
Michael Boelen 2022-08-24 11:42:22 +00:00
parent 8d9cdb22f4
commit 622f53247d
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
1 changed files with 19 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
include/tests_databases
View File

@ -127,12 +127,25 @@
for FILE in ${MONGO_CONF_FILES}; do for FILE in ${MONGO_CONF_FILES}; do
if [ -f ${FILE} ]; then if [ -f ${FILE} ]; then
LogText "Result: found MongoDB configuration file (${FILE})" LogText "Result: found MongoDB configuration file (${FILE})"
LogText "Test: determine authorization setting in new style YAML format" # YAML with quotes
AUTH_IN_CONFIG=$(${GREPBINARY} "authorization: enabled" ${FILE} | ${GREPBINARY} -E -v "(^#|#auth)") if [ ${MONGODB_AUTHORIZATION_ENABLED} -eq 0 ]; then
if HasData "${AUTH_IN_CONFIG}"; then LogText "Test: determine authorization setting in new style YAML format"
LogText "Result: GOOD, found authorization option enabled in configuration file (YAML format)" AUTH_IN_CONFIG=$(${GREPBINARY} "authorization: \"enabled\"" ${FILE} | ${GREPBINARY} -E -v "(^#|#auth)")
MONGODB_AUTHORIZATION_ENABLED=1 if HasData "${AUTH_IN_CONFIG}"; then
else LogText "Result: GOOD, found authorization option enabled in configuration file (YAML format with quotes)"
MONGODB_AUTHORIZATION_ENABLED=1
fi
fi
# YAML without quotes
if [ ${MONGODB_AUTHORIZATION_ENABLED} -eq 0 ]; then
AUTH_IN_CONFIG=$(${GREPBINARY} "authorization: enabled" ${FILE} | ${GREPBINARY} -E -v "(^#|#auth)")
if HasData "${AUTH_IN_CONFIG}"; then
LogText "Result: GOOD, found authorization option enabled in configuration file (YAML format without quotes)"
MONGODB_AUTHORIZATION_ENABLED=1
fi
fi
# Old style
if [ ${MONGODB_AUTHORIZATION_ENABLED} -eq 0 ]; then
LogText "Result: did NOT find authorization option enabled in configuration file (with YAML format)" LogText "Result: did NOT find authorization option enabled in configuration file (with YAML format)"
LogText "Test: now searching for old style configuration (auth = true) in configuration file" LogText "Test: now searching for old style configuration (auth = true) in configuration file"
AUTH_IN_CONFIG=$(${GREPBINARY} "auth = true" ${FILE} | ${GREPBINARY} -v "noauth" | ${GREPBINARY} -E -v "(^#|#auth)") AUTH_IN_CONFIG=$(${GREPBINARY} "auth = true" ${FILE} | ${GREPBINARY} -v "noauth" | ${GREPBINARY} -E -v "(^#|#auth)")