mirror of
https://github.com/CISOfy/lynis.git
synced 2025-07-31 01:34:23 +02:00
Extended detection for service manager and NetBSD uptime support
This commit is contained in:
mboelen
parent
1759f66181
commit
639fd1d96a
@ -22,7 +22,6 @@
|
|||||||
#
|
#
|
||||||
#################################################################################
|
#################################################################################
|
||||||
#
|
#
|
||||||
Display --indent 2 --text "- Checking boot loaders"
|
|
||||||
BOOT_LOADER="unknown"
|
BOOT_LOADER="unknown"
|
||||||
BOOT_LOADER_FOUND=0
|
BOOT_LOADER_FOUND=0
|
||||||
GRUB_VERSION=0
|
GRUB_VERSION=0
|
||||||
@ -40,7 +39,7 @@
|
|||||||
FIND=`/usr/sbin/bootinfo -b`
|
FIND=`/usr/sbin/bootinfo -b`
|
||||||
if [ ! "${FIND}" = "" ]; then
|
if [ ! "${FIND}" = "" ]; then
|
||||||
logtext "Result: found boot device ${FIND}"
|
logtext "Result: found boot device ${FIND}"
|
||||||
Display --indent 4 --text "- Checking boot device (bootinfo)" --result FOUND --color GREEN
|
Display --indent 2 --text "- Checking boot device (bootinfo)" --result FOUND --color GREEN
|
||||||
BOOT_LOADER="ROS"
|
BOOT_LOADER="ROS"
|
||||||
BOOT_LOADER_FOUND=1
|
BOOT_LOADER_FOUND=1
|
||||||
else
|
else
|
||||||
@ -56,15 +55,19 @@
|
|||||||
#
|
#
|
||||||
# Test : BOOT-5104
|
# Test : BOOT-5104
|
||||||
# Description : Determine service manager
|
# Description : Determine service manager
|
||||||
|
# Notes :
|
||||||
|
# initscripts - Used by Arch before
|
||||||
|
# systemd - Common option with more Linux distros implementing it
|
||||||
|
# upstart - Used by Debian/Ubuntu
|
||||||
Register --test-no BOOT-5104 --weight L --network NO --description "Determine service manager"
|
Register --test-no BOOT-5104 --weight L --network NO --description "Determine service manager"
|
||||||
if [ ${SKIPTEST} -eq 0 ]; then
|
if [ ${SKIPTEST} -eq 0 ]; then
|
||||||
case ${OS} in
|
case ${OS} in
|
||||||
linux)
|
Linux)
|
||||||
if [ -f /proc/1/cmdline ]; then
|
if [ -f /proc/1/cmdline ]; then
|
||||||
FILE=`cat /proc/1/cmdline`
|
FILE=`cat /proc/1/cmdline`
|
||||||
if [ -L ${FILE} ]; then
|
if [ -L ${FILE} ]; then
|
||||||
ShowSymlinkPath ${FILE}
|
ShowSymlinkPath ${FILE}
|
||||||
if [ -f ${sFILE} ]; then
|
if [ -f ${sFILE} ]; then
|
||||||
SHORTNAME=`echo ${sFILE} | awk -F/ '{ print $NF }'`
|
SHORTNAME=`echo ${sFILE} | awk -F/ '{ print $NF }'`
|
||||||
case ${SHORTNAME} in
|
case ${SHORTNAME} in
|
||||||
upstart)
|
upstart)
|
||||||
@ -79,10 +82,23 @@
|
|||||||
esac
|
esac
|
||||||
else
|
else
|
||||||
logtext "Result: Could not find linked file ${sFILE}"
|
logtext "Result: Could not find linked file ${sFILE}"
|
||||||
fi
|
fi
|
||||||
|
else
|
||||||
|
FIND=`echo ${FILE} | grep "/systemd"`
|
||||||
|
if [ ! "${FIND}" = "" ]; then
|
||||||
|
SERVICE_MANAGER="systemd"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
# Continue testing if we didn't find it yet
|
||||||
|
if [ "${SERVICE_MANAGER}" = "unknown" ]; then
|
||||||
|
if [ -f /usr/bin/init-openrc ]; then SERVICE_MANAGER="openrc"; fi
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
NetBSD)
|
||||||
|
if [ -x /sbin/init -a -d /etc/rc.d -a -f /etc/rc ]; then
|
||||||
|
SERVICE_MANAGER="bsdrc"
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
logtext "Result: unknown service manager"
|
logtext "Result: unknown service manager"
|
||||||
@ -134,7 +150,7 @@
|
|||||||
if [ "`ls /boot/* 2> /dev/null`" = "" -a ! "${GRUB2INSTALLBINARY}" = "" ]; then
|
if [ "`ls /boot/* 2> /dev/null`" = "" -a ! "${GRUB2INSTALLBINARY}" = "" ]; then
|
||||||
BOOT_LOADER_FOUND=1
|
BOOT_LOADER_FOUND=1
|
||||||
logtext "Result: found empty /boot, however with GRUB2 binary installed. Best guess is that GRUB2 is actually installed, but /boot not mounted"
|
logtext "Result: found empty /boot, however with GRUB2 binary installed. Best guess is that GRUB2 is actually installed, but /boot not mounted"
|
||||||
Display --indent 4 --text "- Checking presence GRUB2" --result "POSSIBLE MATCH" --color YELLOW
|
Display --indent 2 --text "- Checking presence GRUB2" --result "POSSIBLE MATCH" --color YELLOW
|
||||||
ReportManual "${TEST_NO}:01"
|
ReportManual "${TEST_NO}:01"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
@ -167,11 +183,11 @@
|
|||||||
FOUND=1
|
FOUND=1
|
||||||
fi
|
fi
|
||||||
if [ ${FOUND} -eq 1 ]; then
|
if [ ${FOUND} -eq 1 ]; then
|
||||||
Display --indent 6 --text "- Checking for password protection" --result OK --color GREEN
|
Display --indent 4 --text "- Checking for password protection" --result OK --color GREEN
|
||||||
logtext "Result: GRUB has password protection."
|
logtext "Result: GRUB has password protection."
|
||||||
AddHP 4 4
|
AddHP 4 4
|
||||||
else
|
else
|
||||||
Display --indent 6 --text "- Checking for password protection" --result WARNING --color RED
|
Display --indent 4 --text "- Checking for password protection" --result WARNING --color RED
|
||||||
logtext "Result: Didn't find hashed password line in GRUB boot file!"
|
logtext "Result: Didn't find hashed password line in GRUB boot file!"
|
||||||
ReportSuggestion ${TEST_NO} "Set a password on GRUB bootloader to prevent altering boot configuration (e.g. boot in single user mode without password)"
|
ReportSuggestion ${TEST_NO} "Set a password on GRUB bootloader to prevent altering boot configuration (e.g. boot in single user mode without password)"
|
||||||
AddHP 0 2
|
AddHP 0 2
|
||||||
@ -189,7 +205,7 @@
|
|||||||
if [ ${SKIPTEST} -eq 0 ]; then
|
if [ ${SKIPTEST} -eq 0 ]; then
|
||||||
if [ -f /boot/boot1 -a -f /boot/boot2 -a -f /boot/loader ]; then
|
if [ -f /boot/boot1 -a -f /boot/boot2 -a -f /boot/loader ]; then
|
||||||
logtext "Result: found boot1, boot2 and loader files in /boot"
|
logtext "Result: found boot1, boot2 and loader files in /boot"
|
||||||
Display --indent 4 --text "- Checking presence FreeBSD loader" --result FOUND --color GREEN
|
Display --indent 2 --text "- Checking presence FreeBSD loader" --result FOUND --color GREEN
|
||||||
BOOT_LOADER="FreeBSD"
|
BOOT_LOADER="FreeBSD"
|
||||||
BOOT_LOADER_FOUND=1
|
BOOT_LOADER_FOUND=1
|
||||||
else
|
else
|
||||||
@ -205,7 +221,7 @@
|
|||||||
if [ ${SKIPTEST} -eq 0 ]; then
|
if [ ${SKIPTEST} -eq 0 ]; then
|
||||||
if [ -f /boot.${HARDWARE} -o -f /boot -o -f /ofwboot ]; then
|
if [ -f /boot.${HARDWARE} -o -f /boot -o -f /ofwboot ]; then
|
||||||
logtext "Result: found NetBSD secondary bootstrap"
|
logtext "Result: found NetBSD secondary bootstrap"
|
||||||
Display --indent 4 --text "- Checking presence NetBSD loader" --result FOUND --color GREEN
|
Display --indent 2 --text "- Checking presence NetBSD loader" --result FOUND --color GREEN
|
||||||
BOOT_LOADER="NetBSD"
|
BOOT_LOADER="NetBSD"
|
||||||
BOOT_LOADER_FOUND=1
|
BOOT_LOADER_FOUND=1
|
||||||
else
|
else
|
||||||
@ -228,18 +244,18 @@
|
|||||||
if [ ${CANREAD} -eq 1 ]; then
|
if [ ${CANREAD} -eq 1 ]; then
|
||||||
BOOT_LOADER="LILO"
|
BOOT_LOADER="LILO"
|
||||||
BOOT_LOADER_FOUND=1
|
BOOT_LOADER_FOUND=1
|
||||||
Display --indent 4 --text "- Checking presence LILO" --result "OK" --color GREEN
|
Display --indent 2 --text "- Checking presence LILO" --result "OK" --color GREEN
|
||||||
logtext "Checking password option LILO"
|
logtext "Checking password option LILO"
|
||||||
FIND=`cat ${LILOCONFFILE} | ${EGREPBINARY} 'password[[:space:]]?=' | grep -v "^#"`
|
FIND=`cat ${LILOCONFFILE} | ${EGREPBINARY} 'password[[:space:]]?=' | grep -v "^#"`
|
||||||
if [ "${FIND}" = "" ]; then
|
if [ "${FIND}" = "" ]; then
|
||||||
Display --indent 6 --text "- Password option presence " --result "WARNING" --color RED
|
Display --indent 4 --text "- Password option presence " --result "WARNING" --color RED
|
||||||
logtext "Result: no password set for LILO. Bootloader is unprotected to"
|
logtext "Result: no password set for LILO. Bootloader is unprotected to"
|
||||||
logtext "dropping to single user mode or unauthorized access to devices/data."
|
logtext "dropping to single user mode or unauthorized access to devices/data."
|
||||||
ReportSuggestion ${TEST_NO} "Add a password to LILO, by adding a line to the lilo.conf file, above the first line saying 'image=<name>': password=<password>"
|
ReportSuggestion ${TEST_NO} "Add a password to LILO, by adding a line to the lilo.conf file, above the first line saying 'image=<name>': password=<password>"
|
||||||
ReportWarning ${TEST_NO} "M" "No password set on LILO bootloader"
|
ReportWarning ${TEST_NO} "M" "No password set on LILO bootloader"
|
||||||
AddHP 0 2
|
AddHP 0 2
|
||||||
else
|
else
|
||||||
Display --indent 6 --text "- Password option presence " --result "OK" --color GREEN
|
Display --indent 4 --text "- Password option presence " --result "OK" --color GREEN
|
||||||
logtext "Result: LILO password option set"
|
logtext "Result: LILO password option set"
|
||||||
AddHP 4 4
|
AddHP 4 4
|
||||||
fi
|
fi
|
||||||
@ -260,7 +276,7 @@
|
|||||||
if [ ${SKIPTEST} -eq 0 ]; then
|
if [ ${SKIPTEST} -eq 0 ]; then
|
||||||
if [ -f /etc/silo.conf ]; then
|
if [ -f /etc/silo.conf ]; then
|
||||||
logtext "Result: Found SILO configuration file (/etc/silo.conf)"
|
logtext "Result: Found SILO configuration file (/etc/silo.conf)"
|
||||||
Display --indent 4 --text "- Checking boot loader SILO" --result FOUND --color GREEN
|
Display --indent 2 --text "- Checking boot loader SILO" --result FOUND --color GREEN
|
||||||
BOOT_LOADER="SILO"
|
BOOT_LOADER="SILO"
|
||||||
BOOT_LOADER_FOUND=1
|
BOOT_LOADER_FOUND=1
|
||||||
else
|
else
|
||||||
@ -627,7 +643,7 @@
|
|||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
|
|
||||||
OpenBSD)
|
NetBSD|OpenBSD)
|
||||||
if [ ! "${SYSCTLBINARY}" = "" ]; then
|
if [ ! "${SYSCTLBINARY}" = "" ]; then
|
||||||
TIME_BOOT=`${SYSCTLBINARY} -n kern.boottime`
|
TIME_BOOT=`${SYSCTLBINARY} -n kern.boottime`
|
||||||
TIME_NOW=`date "+%s"`
|
TIME_NOW=`date "+%s"`
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user