tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1137 from teoberi/Lynis-with-PostgreSQL-13.1---test-ID-DBS-1826/DBS-1828 

Lynis with PostgreSQL 13.1 test ID DBS-1826/DBS-1828
This commit is contained in:
Michael Boelen 2021-07-21 17:22:17 +02:00 committed by GitHub
parent c2d15eb49a 82db002025
commit 755abdc556
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/consts
View File

@ -238,7 +238,7 @@ ETC_PATHS="/etc /usr/local/etc"
PLUGINDIR=""
PLUGIN_PHASE=0
POSTFIXBINARY=""
POSTGRES_RUNNING=0
POSTGRESQL_RUNNING=0
PREVIOUS_TEST="No test ID"
PREVIOUS_TS=0
PROFILES=""

12
include/tests_databases
View File

@ -174,7 +174,7 @@
# Description : Check if PostgreSQL is being used
Register --test-no DBS-1826 --weight L --network NO --category security --description "Checking active PostgreSQL processes"
if [ ${SKIPTEST} -eq 0 ]; then
if IsRunning "postgres:"; then
if IsRunning "postgres"; then
Display --indent 2 --text "- PostgreSQL processes status" --result "${STATUS_FOUND}" --color GREEN
LogText "Result: PostgreSQL is active"
POSTGRESQL_RUNNING=1
@ -203,11 +203,17 @@
Register --test-no DBS-1828 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Test PostgreSQL configuration"
if [ ${SKIPTEST} -eq 0 ]; then
FIND_PATHS="${ROOTDIR}etc/postgres ${ROOTDIR}var/lib/postgres/data"
CONFIG_FILES=$(${FINDBINARY} ${FIND_PATHS} -type f -name "postgresql.conf" -print0 2> /dev/null | ${TRBINARY} -cd '[:print:]\0' | ${TRBINARY} -d '\n' | ${TRBINARY} '\0' '\n' | xargs -i sh -c 'test -r "{}" && echo "{}" | ${SEDBINARY} "s/ /:space:/g"')
FIND_PATHS="${ROOTDIR}etc/postgres ${ROOTDIR}var/lib/postgres/data ${ROOTDIR}usr/local/pgsql/data"
CONFIG_FILES=$(${FINDBINARY} ${FIND_PATHS} -type f -name "*.conf" -print0 2> /dev/null | ${TRBINARY} -cd '[:print:]\0' | ${TRBINARY} -d '\n' | ${TRBINARY} '\0' '\n' | xargs -i sh -c 'test -r "{}" && echo "{}"' | ${SEDBINARY} "s/ /:space:/g")
for CF in ${CONFIG_FILES}; do
Report "postgresql_config_file[]=${CF}"
LogText "Found configuration file (${CF})"
if IsWorldReadable ${CF}; then
LogText "Result: configuration file ${CF} is world readable, this might leak sensitive information!"
ReportWarning "${TEST_NO}" "PostgreSQL configuration file ${CF} is world readable and might leak sensitive details" "${CF}" "Use chmod 600 to change file permissions"
else
LogText "Result: great, configuration file ${CF} is not world readable"
fi
done
fi
#