tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-29 16:54:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Non-functional code removed as it does not work as intended and lacks required validation controls - Thanks to Sander Bos for reporting

Browse Source
This commit is contained in:
Michael Boelen 2019-06-24 15:23:30 +02:00
parent f6f7a69857
commit 6f3c268c57
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
1 changed files with 7 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
include/helper_audit_dockerfile
View File

@ -19,25 +19,14 @@
################################################################################# #################################################################################
if [ $# -eq 0 ]; then if [ $# -eq 0 ]; then
Display --indent 2 --text "${RED}Error: ${WHITE}Provide URL or file${NORMAL}" Display --indent 2 --text "${RED}Error: ${WHITE}Provide a file${NORMAL}"
Display --text " "; Display --text " " Display --text " "; Display --text " "
ExitFatal ExitFatal
else else
FILE=$(echo $1 | egrep "^http|https") FILE=$(echo $1 | egrep "^http|https")
if HasData "${FILE}"; then if HasData "${FILE}"; then
CreateTempFile echo "Provide a file (not a URL)"
TMP_FILE="${TEMP_FILE}" ExitFatal
Display --indent 2 --text "Downloading URL ${FILE} with wget"
wget -o ${TMP_FILE} ${FILE}
if [ $? -gt 0 ]; then
AUDIT_FILE="${TMP_FILE}"
else
if [ -f ${TMP_FILE} ]; then
rm -f ${TMP_FILE}
fi
Display --indent 2 --text "${RED}Error: ${WHITE}can not download file${NORMAL}"
ExitFatal
fi
else else
if [ -f $1 ]; then if [ -f $1 ]; then
AUDIT_FILE="$1" AUDIT_FILE="$1"
@ -110,14 +99,14 @@ InsertSection "Basics"
#FIND=$(egrep "^MAINTAINER" ${AUDIT_FILE} | sed 's/ /:space:/g') #FIND=$(egrep "^MAINTAINER" ${AUDIT_FILE} | sed 's/ /:space:/g')
FIND=$(egrep -i "*MAINTAINER" ${AUDIT_FILE} | sed 's/=/ /g' | cut -d'"' -f 2) FIND=$(egrep -i "*MAINTAINER" ${AUDIT_FILE} | sed 's/=/ /g' | cut -d'"' -f 2)
if [ "${FIND}" = "" ]; then if [ -z "${FIND}" ]; then
ReportWarning "dockerfile" "No maintainer found. Unclear who created this file." ReportWarning "dockerfile" "No maintainer found. Unclear who created this file."
else else
#MAINTAINER=$(echo ${FIND} | sed 's/:space:/ /g' | awk '{ if($1=="MAINTAINER") { print }}') #MAINTAINER=$(echo ${FIND} | sed 's/:space:/ /g' | awk '{ if($1=="MAINTAINER") { print }}')
MAINTAINER=$(echo ${FIND}) MAINTAINER=$(echo ${FIND})
Display --indent 2 --text "Maintainer" --result "${MAINTAINER}" Display --indent 2 --text "Maintainer" --result "${MAINTAINER}"
fi fi
FIND=$(grep "^ENTRYPOINT" ${AUDIT_FILE} | cut -d' ' -f2 ) FIND=$(grep "^ENTRYPOINT" ${AUDIT_FILE} | cut -d' ' -f2 )
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
ReportWarning "dockerfile" "No ENTRYPOINT defined in Dockerfile." ReportWarning "dockerfile" "No ENTRYPOINT defined in Dockerfile."
@ -127,7 +116,7 @@ InsertSection "Basics"
fi fi
FIND=$(grep "^CMD" ${AUDIT_FILE} | cut -d' ' -f2 ) FIND=$(grep "^CMD" ${AUDIT_FILE} | cut -d' ' -f2 )
if [ "${FIND}" = "" ]; then if [ -z "${FIND}" ]; then
ReportWarning "dockerfile" "No CMD defines in Dockerfile." ReportWarning "dockerfile" "No CMD defines in Dockerfile."
else else
CMD=$(echo ${FIND}) CMD=$(echo ${FIND})
@ -135,7 +124,7 @@ InsertSection "Basics"
fi fi
FIND=$(grep "^USER" ${AUDIT_FILE} | cut -d' ' -f2 ) FIND=$(grep "^USER" ${AUDIT_FILE} | cut -d' ' -f2 )
if [ "${FIND}" = "" ]; then if [ -z "${FIND}" ]; then
ReportWarning "dockerfile" "No user declared in Dockerfile. Container will execute command as root" ReportWarning "dockerfile" "No user declared in Dockerfile. Container will execute command as root"
else else
USER=$(echo ${FIND}) USER=$(echo ${FIND})