mirror of https://github.com/CISOfy/lynis.git
Code rewrites after linting
parent
0173bd3832
commit
7260f3030c
|
@ -35,7 +35,7 @@
|
||||||
# Description : Check cron daemon
|
# Description : Check cron daemon
|
||||||
Register --test-no SCHD-7702 --weight L --network NO --description "Check status of cron daemon"
|
Register --test-no SCHD-7702 --weight L --network NO --description "Check status of cron daemon"
|
||||||
if [ ${SKIPTEST} -eq 0 ]; then
|
if [ ${SKIPTEST} -eq 0 ]; then
|
||||||
FIND=`ps aux | egrep "( cron$|/cron(d)? )"`
|
FIND=$(ps aux | ${EGREPBINARY} "( cron$|/cron(d)? )")
|
||||||
if [ "${FIND}" = "" ]; then
|
if [ "${FIND}" = "" ]; then
|
||||||
LogText "Result: no cron daemon found"
|
LogText "Result: no cron daemon found"
|
||||||
else
|
else
|
||||||
|
@ -55,13 +55,13 @@
|
||||||
BAD_FILE_PERMISSIONS=0
|
BAD_FILE_PERMISSIONS=0
|
||||||
BAD_FILE_OWNERSHIP=0
|
BAD_FILE_OWNERSHIP=0
|
||||||
FindCronJob() {
|
FindCronJob() {
|
||||||
sCRONJOBS=`egrep '^([0-9*])' $1 | tr '\t' ' ' | tr -s ' ' | tr ' ' ','`
|
sCRONJOBS=$(egrep '^([0-9*])' $1 | tr '\t' ' ' | tr -s ' ' | tr ' ' ',')
|
||||||
}
|
}
|
||||||
|
|
||||||
CRONTAB_FILE="/etc/crontab"
|
CRONTAB_FILE="/etc/crontab"
|
||||||
if [ -f ${CRONTAB_FILE} ]; then
|
if [ -f ${CRONTAB_FILE} ]; then
|
||||||
if IsWorldWritable ${CRONTAB_FILE}; then LogText "Result: insecure file permissions for cronjob file ${CRONTAB_FILE}"; Report "insecure_fileperms_cronjob[]=${CRONTAB_FILE}"; BAD_FILE_PERMISSIONS=1; AddHP 0 5; fi
|
if IsWorldWritable ${CRONTAB_FILE}; then LogText "Result: insecure file permissions for cronjob file ${CRONTAB_FILE}"; Report "insecure_fileperms_cronjob[]=${CRONTAB_FILE}"; BAD_FILE_PERMISSIONS=1; AddHP 0 5; fi
|
||||||
if ! IsOwnedByRoot ${CRONTAB_FILE}; then LogText "Result: incorrect owner found for cronjob file ${CRONTAB_FILES}"; Report "bad_fileowner_cronjob[]=${CRONTAB_FILE}"; BAD_FILE_OWNERSHIP=1; AddHP 0 5; fi
|
if ! IsOwnedByRoot ${CRONTAB_FILE}; then LogText "Result: incorrect owner found for cronjob file ${CRONTAB_FILE}"; Report "bad_fileowner_cronjob[]=${CRONTAB_FILE}"; BAD_FILE_OWNERSHIP=1; AddHP 0 5; fi
|
||||||
FindCronJob ${CRONTAB_FILE}
|
FindCronJob ${CRONTAB_FILE}
|
||||||
for I in ${sCRONJOBS}; do
|
for I in ${sCRONJOBS}; do
|
||||||
LogText "Found cronjob (${CRONTAB_FILE}): ${I}"
|
LogText "Found cronjob (${CRONTAB_FILE}): ${I}"
|
||||||
|
@ -77,7 +77,7 @@
|
||||||
if [ ${CANREAD} -eq 1 ]; then
|
if [ ${CANREAD} -eq 1 ]; then
|
||||||
LogText "Result: found directory ${I}"
|
LogText "Result: found directory ${I}"
|
||||||
LogText "Test: searching files in ${I}"
|
LogText "Test: searching files in ${I}"
|
||||||
FIND=`find ${I} -type f -print | grep -v ".placeholder"`
|
FIND=$(find ${I} -type f -print | grep -v ".placeholder")
|
||||||
if [ "${FIND}" = "" ]; then
|
if [ "${FIND}" = "" ]; then
|
||||||
LogText "Result: no files found in ${I}"
|
LogText "Result: no files found in ${I}"
|
||||||
else
|
else
|
||||||
|
@ -109,7 +109,7 @@
|
||||||
if [ -d ${I} ]; then
|
if [ -d ${I} ]; then
|
||||||
LogText "Result: found directory ${I}"
|
LogText "Result: found directory ${I}"
|
||||||
LogText "Test: searching files in ${I}"
|
LogText "Test: searching files in ${I}"
|
||||||
FIND=`find ${I} -type f -print | grep -v ".placeholder"`
|
FIND=$(find ${I} -type f -print | grep -v ".placeholder")
|
||||||
if [ "${FIND}" = "" ]; then
|
if [ "${FIND}" = "" ]; then
|
||||||
LogText "Result: no files found in ${I}"
|
LogText "Result: no files found in ${I}"
|
||||||
else
|
else
|
||||||
|
@ -130,7 +130,7 @@
|
||||||
# /var/spool/cron/* and /var/spool/cron/crontabs/*
|
# /var/spool/cron/* and /var/spool/cron/crontabs/*
|
||||||
# Search only in one tree, to avoid searching the tree twice
|
# Search only in one tree, to avoid searching the tree twice
|
||||||
if [ -d /var/spool/cron/crontabs ]; then
|
if [ -d /var/spool/cron/crontabs ]; then
|
||||||
FIND=`find /var/spool/cron/crontabs -type f -print`
|
FIND=$(find /var/spool/cron/crontabs -type f -print)
|
||||||
for I in ${FIND}; do
|
for I in ${FIND}; do
|
||||||
FindCronJob ${I}
|
FindCronJob ${I}
|
||||||
for J in ${sCRONJOBS}; do
|
for J in ${sCRONJOBS}; do
|
||||||
|
@ -140,7 +140,7 @@
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
if [ -d /var/spool/cron ]; then
|
if [ -d /var/spool/cron ]; then
|
||||||
FIND=`find /var/spool/cron -type f -print`
|
FIND=$(find /var/spool/cron -type f -print)
|
||||||
for I in ${FIND}; do
|
for I in ${FIND}; do
|
||||||
FindCronJob ${I}
|
FindCronJob ${I}
|
||||||
for J in ${sCRONJOBS}; do
|
for J in ${sCRONJOBS}; do
|
||||||
|
@ -155,7 +155,7 @@
|
||||||
if [ "${OS}" = "Linux" ]; then
|
if [ "${OS}" = "Linux" ]; then
|
||||||
if [ -f /etc/anacrontab ]; then
|
if [ -f /etc/anacrontab ]; then
|
||||||
LogText "Test: checking anacrontab"
|
LogText "Test: checking anacrontab"
|
||||||
sANACRONJOBS=`egrep '^([0-9@])' /etc/anacrontab | tr '\t' ' ' | tr -s ' ' | tr ' ' ','`
|
sANACRONJOBS=$(${EGREPBINARY} '^([0-9@])' /etc/anacrontab | tr '\t' ' ' | tr -s ' ' | tr ' ' ',')
|
||||||
if [ ! "${sANACRONJOBS}" = "" ]; then
|
if [ ! "${sANACRONJOBS}" = "" ]; then
|
||||||
Report "scheduler[]=anacron"
|
Report "scheduler[]=anacron"
|
||||||
for J in ${sANACRONJOBS}; do
|
for J in ${sANACRONJOBS}; do
|
||||||
|
@ -186,7 +186,7 @@
|
||||||
Register --test-no SCHD-7718 --weight L --network NO --description "Check at users"
|
Register --test-no SCHD-7718 --weight L --network NO --description "Check at users"
|
||||||
if [ ${SKIPTEST} -eq 0 ]; then
|
if [ ${SKIPTEST} -eq 0 ]; then
|
||||||
LogText "Test: Checking atd status"
|
LogText "Test: Checking atd status"
|
||||||
FIND=`${PSBINARY} ax | grep "/atd" | grep -v "grep"`
|
FIND=$(${PSBINARY} ax | grep "/atd" | grep -v "grep")
|
||||||
if [ ! "${FIND}" = "" ]; then
|
if [ ! "${FIND}" = "" ]; then
|
||||||
LogText "Result: at daemon active"
|
LogText "Result: at daemon active"
|
||||||
Display --indent 2 --text "- Checking atd status" --result RUNNING --color GREEN
|
Display --indent 2 --text "- Checking atd status" --result RUNNING --color GREEN
|
||||||
|
@ -224,7 +224,7 @@
|
||||||
FileIsReadable ${AT_ALLOW}
|
FileIsReadable ${AT_ALLOW}
|
||||||
if [ ${CANREAD} -eq 1 ]; then
|
if [ ${CANREAD} -eq 1 ]; then
|
||||||
LogText "Result: file ${AT_ALLOW} exists, only listed users can schedule at jobs"
|
LogText "Result: file ${AT_ALLOW} exists, only listed users can schedule at jobs"
|
||||||
FIND=`cat ${AT_ALLOW} | sort`
|
FIND=$(sort ${AT_ALLOW})
|
||||||
if [ "${FIND}" = "" ]; then
|
if [ "${FIND}" = "" ]; then
|
||||||
LogText "Result: File empty, no users are allowed to schedule at jobs"
|
LogText "Result: File empty, no users are allowed to schedule at jobs"
|
||||||
else
|
else
|
||||||
|
@ -242,7 +242,7 @@
|
||||||
FileIsReadable ${AT_DENY}
|
FileIsReadable ${AT_DENY}
|
||||||
if [ ${CANREAD} -eq 1 ]; then
|
if [ ${CANREAD} -eq 1 ]; then
|
||||||
LogText "Result: file ${AT_DENY} exists, only non listed users can schedule at jobs"
|
LogText "Result: file ${AT_DENY} exists, only non listed users can schedule at jobs"
|
||||||
FIND=`cat ${AT_DENY} | sort`
|
FIND=$(sort ${AT_DENY})
|
||||||
if [ "${FIND}" = "" ]; then
|
if [ "${FIND}" = "" ]; then
|
||||||
LogText "Result: file is empty, no users are denied access to schedule jobs"
|
LogText "Result: file is empty, no users are denied access to schedule jobs"
|
||||||
else
|
else
|
||||||
|
@ -273,12 +273,12 @@
|
||||||
Register --test-no SCHD-7724 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check at jobs"
|
Register --test-no SCHD-7724 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check at jobs"
|
||||||
if [ ${SKIPTEST} -eq 0 ]; then
|
if [ ${SKIPTEST} -eq 0 ]; then
|
||||||
LogText "Test: Check scheduled at jobs"
|
LogText "Test: Check scheduled at jobs"
|
||||||
FIND=`atq | grep -v "no files in queue" | ${AWKBINARY} '{gsub("\t"," ");print}' | sed 's/ /!space!/g'`
|
FIND=$(atq | grep -v "no files in queue" | ${AWKBINARY} '{gsub("\t"," ");print}' | sed 's/ /!space!/g')
|
||||||
if [ ! "${FIND}" = "" ]; then
|
if [ ! "${FIND}" = "" ]; then
|
||||||
LogText "Result: found one or more jobs"
|
LogText "Result: found one or more jobs"
|
||||||
for I in ${FIND}; do
|
for I in ${FIND}; do
|
||||||
I=`echo ${I} | sed 's/!space!/ /g'`
|
VALUE=$(echo ${I} | sed 's/!space!/ /g')
|
||||||
LogText "Found at job: ${I}"
|
LogText "Found at job: ${VALUE}"
|
||||||
done
|
done
|
||||||
Display --indent 4 --text "- Checking at jobs" --result FOUND --color GREEN
|
Display --indent 4 --text "- Checking at jobs" --result FOUND --color GREEN
|
||||||
else
|
else
|
||||||
|
|
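Review bot: The switch to `${EGREPBINARY}` is incomplete: the new line in `FindCronJob()` still calls bare `egrep`, and the SCHD-7702 process check still calls bare `ps`, although the SCHD-7718 hunk on this page already uses `${PSBINARY}`. For an audit script that typically runs as root, resolving these two through `PATH` while neighbouring lines use the binary variables is inconsistent and makes the result depend on the caller's environment (assuming, as the names suggest, that the `*BINARY` variables hold pre-resolved absolute paths). I would write `sCRONJOBS=$(${EGREPBINARY} '^([0-9*])' "$1" | tr '\t' ' ' | tr -s ' ' | tr ' ' ',')` and `FIND=$(${PSBINARY} aux | ${EGREPBINARY} "( cron$|/cron(d)? )")`. Quoting `"$1"` matters as well, because the function is fed paths produced by `find` over the cron spool directories, where file names are not chosen by the script; the `for I in ${FIND}` loops that call it are only partly visible in these hunks.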