Improve DragonFly support (#329)

* Update facter location for BSDs

BSDs tend to place third party binaries in /usr/local rather than /usr

* Add support for DragonFly boot loader detection

DragonFly BSD has the same file paths for the bootloader as FreeBSD

* Add kernel module checking for DragonFly

DragonFly BSD checks kernel modules the same way as FreeBSD

* Add DragonFly check for login shells

DragonFly's login files are the same as FreeBSD's

* Add HAMMER PFS Detection

All PFS mounts in HAMMER systems for DragonFly will be detected now

include/functions

@@ -1254,7 +1254,7 @@
 
         # facter
         if [ "${SHORT}" = "" ]; then
-            if [ -x /usr/bin/facter ]; then
+            if [ -x /usr/bin/facter ] || [ -x /usr/local/bin/facter ]; then
                 case "`facter is_virtual`" in
                 "true")
                     SHORT=`facter virtual`

include/tests_authentication

@@ -193,6 +193,50 @@
     fi
 #
 #################################################################################
+#
+    # Test        : AUTH-9489
+    # Description : Check login shells for passwordless accounts
+    # Notes       : Results should be checked
+    Register --test-no AUTH-9489 --os DragonFly --weight L --network NO --category security --description "Check login shells for passwordless accounts"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        FOUND=0
+        LogText "Test: Checking login shells"
+        if [ -f /etc/master.passwd ]; then
+            # Check for all shells, except: (/usr)/sbin/nologin /nonexistent
+            FIND=`${GREPBINARY} "[a-z]:\*:" /etc/master.passwd | ${EGREPBINARY} -v '^#|/sbin/nologin|/usr/sbin/nologin|/nonexistent' | ${SEDBINARY} 's/ /!space!/g'`
+            if [ "${FIND}" = "" ]; then
+                Display --indent 2 --text "- Login shells" --result "${STATUS_OK}" --color GREEN
+            else
+                Display --indent 2 --text "- Login shells" --result "${STATUS_WARNING}" --color RED
+                for LINE in ${FIND}; do
+                    LINE=$(echo ${LINE} | ${SEDBINARY} 's/!space!/ /g')
+                    SHELL=$(echo ${LINE} | ${AWKBINARY} -F: '{ print $10 }')
+                    LogText "Output: ${LINE}"
+                    if [ -z "${SHELL}" ]; then
+                        LogText "Result: found no shell on line"
+                    else
+                        LogText "Result: found possible harmful shell ${SHELL}"
+                        if [ -f ${SHELL} ]; then
+                            LogText "Result: shell ${SHELL} does exist"
+                            FOUND=1
+                        else
+                            LogText "Result: shell ${SHELL} does not exist"
+                            ReportSuggestion ${TEST_NO} "Determine if account is needed, as shell ${SHELL} does not exist"
+                        fi
+                    fi
+                done
+                if [ ${FOUND} -eq 1 ]; then
+                    ReportWarning ${TEST_NO} "Possible harmful shell found (for passwordless account!)"
+                fi
+            fi
+          else
+            Display --indent 2 --text "- Login shells" --result "${STATUS_SKIPPED}" --color WHITE
+            LogText "Result: No /etc/master.passwd file found"
+        fi
+        unset LINE SHELL
+    fi
+#
+#################################################################################
 #
     # Test        : AUTH-9222
     # Description : Check unique group IDs

include/tests_boot_services

@@ -327,6 +327,23 @@
     fi
 #
 #################################################################################
+#
+    # Test        : BOOT-5261
+    # Description : Check for DragonFly boot loader
+    Register --test-no BOOT-5261 --os DragonFly --weight L --network NO --category security --description "Check for DragonFly boot loader presence"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        BOOT_LOADER_SEARCHED=1
+        if [ -f ${ROOTDIR}boot/boot1 -a -f ${ROOTDIR}boot/boot2 -a -f ${ROOTDIR}boot/loader ]; then
+            LogText "Result: found boot1, boot2 and loader files in ${ROOTDIR}boot"
+            Display --indent 2 --text "- Checking presence DragonFly loader" --result "${STATUS_FOUND}" --color GREEN
+            BOOT_LOADER="DragonFly"
+            BOOT_LOADER_FOUND=1
+        else
+            LogText "Result: Not all expected files found in ${ROOTDIR}boot"
+        fi
+    fi
+#
+#################################################################################
 #
     # Test        : BOOT-5126
     # Description : Check for NetBSD boot loader

include/tests_filesystems

@@ -206,6 +206,27 @@
     fi
 #
 #################################################################################
+#
+    # Test        : FILE-6439
+    # Description : Query all HAMMER PFS mounts from /etc/fstab
+    Register --test-no FILE-6439 --os DragonFly --weight L --network NO --category security --description "Checking HAMMER PFS mounts"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        LogText "Test: Query /etc/fstab for available HAMMER PFS  mount points"
+        FIND=$(${MOUNTBINARY} -p | ${AWKBINARY} '{ if ($3 == "null") { print $1":"$2":"$3":"$4":" }}')
+        if [ -z "${FIND}" ]; then
+            Display --indent 2 --text "- Querying HAMMER PFS mount points (mount -p)" --result "${STATUS_NONE}" --color WHITE
+            LogText "Result: unable to find any single PFS mount point"
+        else
+            Display --indent 2 --text "- Querying HAMMER PFS mount points (mount -p)" --result "${STATUS_FOUND}" --color GREEN
+            Report "filesystem[]=hammer"
+            for I in ${FIND}; do
+                LogText "HAMMER mount found: ${I}"
+                Report "mountpoint_hammer[]=${I}"
+            done
+        fi
+    fi
+#
+#################################################################################
 #
     # Test        : FILE-6332
     # Description : Check swap partitions

include/tests_kernel

@@ -313,6 +313,37 @@
     fi
 #
 #################################################################################
+#
+    # Test        : KRNL-5831
+    # Description : Checking DragonFly loaded kernel modules
+    Register --test-no KRNL-5831 --os DragonFly --weight L --network NO --category security --description "Checking DragonFly loaded kernel modules"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        Display --indent 2 --text "- Checking active kernel modules"
+        LogText "Test: Active kernel modules (KLDs)"
+        LogText "Description: View all active kernel modules (including kernel)"
+        LogText "Test: Checking modules"
+        if [ -f /sbin/kldstat ]; then
+            FIND=`kldstat | ${GREPBINARY} -v 'Name' | ${TRBINARY} -s ' ' | ${CUTBINARY} -d ' ' -f6`
+            if [ $? -eq 0 ]; then
+                LogText "Loaded modules according kldstat:"
+                N=0
+                for I in ${FIND}; do
+                    LogText "Loaded module: ${I}"
+                    Report "loaded_kernel_module[]=${I}"
+                    N=$((N + 1))
+                done
+                Display --indent 4 --text "Found ${N} kernel modules" --result "${STATUS_DONE}" --color GREEN
+              else
+                Display --indent 4 --text "Test failed" --result "${STATUS_WARNING}" --color RED
+                LogText "Result: Problem with executing kldstat"
+            fi
+          else
+            echo "[ ${WHITE}SKIPPED${NORMAL} ]"
+            LogText "Result: no results, can't find /sbin/kldstat"
+        fi
+    fi
+#
+#################################################################################
 #
     # Test        : KRNL-5770
     # Description : Checking Solaris load modules