[PKGS-7381] Collect FreeBSD details for vulnerable packages
parent
100afa5f5b
commit
6a7ec8795a
@ -611,36 +611,32 @@
|
|||||||
#
|
#
|
||||||
# Test : PKGS-7381
|
# Test : PKGS-7381
|
||||||
# Description : Check for vulnerable FreeBSD packages (with pkg)
|
# Description : Check for vulnerable FreeBSD packages (with pkg)
|
||||||
if [ -x /usr/sbin/pkg -a -f /var/db/pkg/vuln.xml ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
|
# TODO : Update the repository first
|
||||||
Register --test-no PKGS-7381 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for vulnerable FreeBSD packages with pkg"
|
if [ -x /usr/sbin/pkg -a -f /var/db/pkg/vuln.xml ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="pkg tool not available, or missing vulnerability database"; fi
|
||||||
|
Register --test-no PKGS-7381 --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Check for vulnerable FreeBSD packages with pkg"
|
||||||
if [ ${SKIPTEST} -eq 0 ]; then
|
if [ ${SKIPTEST} -eq 0 ]; then
|
||||||
if [ -x /usr/sbin/pkg ]; then
|
COUNT=0
|
||||||
FIND=`/usr/sbin/pkg audit 2> /dev/null | ${GREPBINARY} 'problem(s) in your installed packages found' | ${GREPBINARY} -v '0 problem(s) in your installed packages found'`
|
PACKAGE_AUDIT_TOOL_FOUND=1
|
||||||
PACKAGE_AUDIT_TOOL_FOUND=1
|
PACKAGE_AUDIT_TOOL="pkg audit"
|
||||||
PACKAGE_AUDIT_TOOL="pkg audit"
|
FIND=$(/usr/sbin/pkg audit -q 2> /dev/null)
|
||||||
if [ "${FIND}" = "" ]; then
|
if [ $? -eq 0 ]; then
|
||||||
LogText "Result: pkg audit results are clean"
|
LogText "Result: pkg audit results are clean"
|
||||||
Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_NONE}" --color GREEN
|
Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_NONE}" --color GREEN
|
||||||
else
|
else
|
||||||
LogText "Result: ${FIND}"
|
LogText "Result: ${FIND}"
|
||||||
|
if [ ! -z "${FIND}" ]; then
|
||||||
VULNERABLE_PACKAGES_FOUND=1
|
VULNERABLE_PACKAGES_FOUND=1
|
||||||
Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_FOUND}" --color YELLOW
|
Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_FOUND}" --color YELLOW
|
||||||
ReportSuggestion ${TEST_NO} "Check output of pkg audit"
|
for ITEM in ${FIND}; do
|
||||||
#Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_WARNING}" --color RED
|
COUNT=$((COUNT + 1))
|
||||||
#LogText "Result: pkg audit found one or more installed packages which are vulnerable."
|
Report "vulnerable_package[]=${ITEM}"
|
||||||
#ReportWarning ${TEST_NO} "Found one or more vulnerable packages."
|
LogText "Vulnerable package: ${ITEM}"
|
||||||
#ReportSuggestion ${TEST_NO} "Update your system with portupgrade or other tools"
|
AddHP 1 2
|
||||||
#LogText "List of vulnerable packages/version:"
|
done
|
||||||
#for I in `/usr/sbin/pkg audit -F | ${GREPBINARY} "Affected package" | ${CUTBINARY} -d ' ' -f3 | ${SORTBINARY} -u`; do
|
ReportWarning ${TEST_NO} "Found vulnerable packages" "pkg" "text:${COUNT} vulnerable packages}"
|
||||||
# Report "vulnerable_package[]=${I}"
|
else
|
||||||
# LogText "Vulnerable package: ${I}"
|
LogText "Result: found an exit code greater than zero, yet no output"
|
||||||
# # Decrease hardening points for every found vulnerable package
|
|
||||||
# AddHP 1 2
|
|
||||||
#done
|
|
||||||
fi
|
fi
|
||||||
else
|
|
||||||
Display --indent 2 --text "- pkg audit not installed" --result "${STATUS_NOT_FOUND}" --color WHITE
|
|
||||||
LogText "Result: pkg audit not installed, skipping this vulnerability test."
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
#
|
#
|
||||||
|
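Review bot: The new inner `else` branch (non-zero exit from `pkg audit -q` with empty output) only calls `LogText`, so an audit that could not run at all produces no `Display` line and no report entry, and with stderr sent to `/dev/null` the cause is lost; on screen this is hard to tell apart from a test that never ran. I would surface it there, for example `Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_WARNING}" --color RED`, and log the exit code captured right after the `FIND=$(...)` assignment. The `ReportWarning` text also carries a stray closing brace: `"text:${COUNT} vulnerable packages}"` should read `"text:${COUNT} vulnerable packages"`. Separately, the "clean" result depends on how fresh the local `/var/db/pkg/vuln.xml` is (the TODO says the repository is not updated first), so a comment or log line stating that the check uses the existing local database would keep readers from over-trusting a clean result.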