Merge pull request #82 from SiemKorteweg/master

Optimized use of cat, grep and awk.
This commit is contained in:
Michael Boelen 2015-10-14 10:55:33 +02:00
commit 776a70d6cf
23 changed files with 80 additions and 80 deletions

View File

@ -212,7 +212,7 @@
if [ -f ${SOURCEFILE_RPM} ]; then if [ -f ${SOURCEFILE_RPM} ]; then
if [ -f lynis.spec ]; then if [ -f lynis.spec ]; then
# adjust version in spec file # adjust version in spec file
VERSION_IN_SPECFILE=`cat lynis.spec | grep "^Version:" | sed 's/ //g' | awk -F: '{ print $2 }'` VERSION_IN_SPECFILE=`awk '/^Version:/ { print $2 }' lynis.spec`
echo "[=] Found version ${VERSION_IN_SPECFILE}" echo "[=] Found version ${VERSION_IN_SPECFILE}"
if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then
echo "[X] Version in specfile is outdated" echo "[X] Version in specfile is outdated"
@ -372,12 +372,12 @@ Exit
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= #=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
echo -n "- Creating MD5 hashes..." echo -n "- Creating MD5 hashes..."
PACKAGE_LIST_FILES=`cat files.dat | grep "^file:" | cut -d ':' -f3` PACKAGE_LIST_FILES=`grep "^file:" files.dat | cut -d ':' -f3`
for I in ${PACKAGE_LIST_FILES}; do for I in ${PACKAGE_LIST_FILES}; do
echo -n "${I} " echo -n "${I} "
#FULLNAME=`cat files.dat | grep ":file:include: #FULLNAME=`grep ":file:include:" files.dat
#echo "${FULLNAME}" >> ${OPENBSD_CONTENTS} #echo "${FULLNAME}" >> ${OPENBSD_CONTENTS}
echo "${I}" >> ${OPENBSD_CONTENTS} echo "${I}" >> ${OPENBSD_CONTENTS}
FILE="../${I}" FILE="../${I}"

View File

@ -127,7 +127,7 @@ output "Settings file: ${SETTINGS_FILE}"
ExitFatal ExitFatal
fi fi
# Extract the hostid from the parse file # Extract the hostid from the parse file
HOSTID=`cat ${REPORTFILE} | grep "^hostid=" | awk -F= '{ print $2 }'` HOSTID=`awk -F= '/^hostid=/ { print $2 }' ${REPORTFILE}`
if [ ! "${HOSTID}" = "" ]; then if [ ! "${HOSTID}" = "" ]; then
output "${WHITE}Found hostid: ${HOSTID}${NORMAL}" output "${WHITE}Found hostid: ${HOSTID}${NORMAL}"
# Try to connect # Try to connect

View File

@ -93,10 +93,10 @@
# If 'file' is an directory, use -d # If 'file' is an directory, use -d
if [ -d ${CHECKFILE} ]; then if [ -d ${CHECKFILE} ]; then
FILEVALUE=`ls -d -l ${CHECKFILE} | cut -c 2-10` FILEVALUE=`ls -d -l ${CHECKFILE} | cut -c 2-10`
PROFILEVALUE=`cat ${PROFILE} | grep '^permdir' | grep ":${CHECKFILE}:" | cut -d: -f3` PROFILEVALUE=`grep '^permdir' ${PROFILE} | grep ":${CHECKFILE}:" | cut -d: -f3`
else else
FILEVALUE=`ls -l ${CHECKFILE} | cut -c 2-10` FILEVALUE=`ls -l ${CHECKFILE} | cut -c 2-10`
PROFILEVALUE=`cat ${PROFILE} | grep '^permfile' | grep ":${CHECKFILE}:" | cut -d: -f3` PROFILEVALUE=`grep '^permfile' ${PROFILE} | grep ":${CHECKFILE}:" | cut -d: -f3`
fi fi
if [ "${FILEVALUE}" = "${PROFILEVALUE}" ]; then PERMS="OK"; else PERMS="BAD"; fi if [ "${FILEVALUE}" = "${PROFILEVALUE}" ]; then PERMS="OK"; else PERMS="BAD"; fi
fi fi
@ -929,7 +929,7 @@
# Parse nginx configuration lines # Parse nginx configuration lines
ParseNginx() ParseNginx()
{ {
FIND=`cat ${REPORTFILE} | grep "^nginx_config_option=" | awk -F= '{ if ($1=="nginx_config_option") { print $2 }}' | sed 's/ /:space:/g'` FIND=`awk -F= '/^nginx_config_option=/ { print $2 }' ${REPORTFILE} | sed 's/ /:space:/g'`
for I in ${FIND}; do for I in ${FIND}; do
I=`echo ${I} | sed 's/:space:/ /g' | sed 's/;$//'` I=`echo ${I} | sed 's/:space:/ /g' | sed 's/;$//'`
OPTION=`echo ${I} | awk '{ print $1 }'` OPTION=`echo ${I} | awk '{ print $1 }'`

View File

@ -114,7 +114,7 @@
FIND=`grep "Amazon" /etc/system-release` FIND=`grep "Amazon" /etc/system-release`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
OS_REDHAT_OR_CLONE=1 OS_REDHAT_OR_CLONE=1
OS_FULLNAME=`cat /etc/system-release | grep "^Amazon"` OS_FULLNAME=`grep "^Amazon" /etc/system-release`
OS_VERSION=`grep "^Amazon" /etc/system-release | awk '{ if ($4=="release") { print $5 } }'` OS_VERSION=`grep "^Amazon" /etc/system-release | awk '{ if ($4=="release") { print $5 } }'`
LINUX_VERSION="Amazon" LINUX_VERSION="Amazon"
fi fi
@ -129,8 +129,8 @@
# Chakra Linux # Chakra Linux
if [ -e "/etc/chakra-release" ]; then if [ -e "/etc/chakra-release" ]; then
OS_FULLNAME=`cat /etc/chakra-release | grep "^Chakra"` OS_FULLNAME=`grep "^Chakra" /etc/chakra-release`
OS_VERSION=`cat /etc/chakra-release | grep "^Chakra" | awk '{ if ($3=="release") { print $4 }}'` OS_VERSION=`awk '/^Chakra/ { if ($3=="release") { print $4 }}' /etc/chakra-release`
LINUX_VERSION="Chakra Linux" LINUX_VERSION="Chakra Linux"
fi fi
@ -162,7 +162,7 @@
OS_FULLNAME="Debian ${OS_VERSION}" OS_FULLNAME="Debian ${OS_VERSION}"
LINUX_VERSION="Debian" LINUX_VERSION="Debian"
fi fi
# Ubuntu test (optional) `cat /proc/version | grep "[Uu]buntu"` # Ubuntu test (optional) `grep "[Uu]buntu" /proc/version`
fi fi
# E-smith # E-smith
if [ -e "/etc/e-smith-release" ]; then OS_FULLNAME=`cat /etc/e-smith-release`; fi if [ -e "/etc/e-smith-release" ]; then OS_FULLNAME=`cat /etc/e-smith-release`; fi
@ -176,7 +176,7 @@
# CentOS # CentOS
FIND=`grep "CentOS" /etc/redhat-release` FIND=`grep "CentOS" /etc/redhat-release`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
OS_FULLNAME=`cat /etc/redhat-release | grep "CentOS"` OS_FULLNAME=`grep "CentOS" /etc/redhat-release`
LINUX_VERSION="CentOS" LINUX_VERSION="CentOS"
OS_VERSION="${OS_FULLNAME}" OS_VERSION="${OS_FULLNAME}"
fi fi
@ -184,7 +184,7 @@
# ClearOS # ClearOS
FIND=`grep "ClearOS" /etc/redhat-release` FIND=`grep "ClearOS" /etc/redhat-release`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
OS_FULLNAME=`cat /etc/redhat-release | grep "ClearOS"` OS_FULLNAME=`grep "ClearOS" /etc/redhat-release`
LINUX_VERSION="ClearOS" LINUX_VERSION="ClearOS"
OS_VERSION="${OS_FULLNAME}" OS_VERSION="${OS_FULLNAME}"
fi fi
@ -192,7 +192,7 @@
# Fedora # Fedora
FIND=`grep "Fedora" /etc/redhat-release` FIND=`grep "Fedora" /etc/redhat-release`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
OS_FULLNAME=`cat /etc/redhat-release | grep "Fedora"` OS_FULLNAME=`grep "Fedora" /etc/redhat-release`
OS_VERSION="${OS_FULLNAME}" OS_VERSION="${OS_FULLNAME}"
LINUX_VERSION="Fedora" LINUX_VERSION="Fedora"
fi fi
@ -200,7 +200,7 @@
# Mageia (has also /etc/megaia-release) # Mageia (has also /etc/megaia-release)
FIND=`grep "Mageia" /etc/redhat-release` FIND=`grep "Mageia" /etc/redhat-release`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
OS_FULLNAME=`cat /etc/redhat-release | grep "^Mageia"` OS_FULLNAME=`grep "^Mageia" /etc/redhat-release`
OS_VERSION=`grep "^Mageia" /etc/redhat-release | awk '{ if ($2=="release") { print $3 } }'` OS_VERSION=`grep "^Mageia" /etc/redhat-release | awk '{ if ($2=="release") { print $3 } }'`
LINUX_VERSION="Mageia" LINUX_VERSION="Mageia"
fi fi
@ -209,7 +209,7 @@
FIND=`grep "Enterprise Linux Enterprise Linux Server" /etc/redhat-release` FIND=`grep "Enterprise Linux Enterprise Linux Server" /etc/redhat-release`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
LINUX_VERSION="Oracle Enterprise Linux"; LINUX_VERSION="Oracle Enterprise Linux";
OS_FULLNAME=`cat /etc/redhat-release | grep "Enterprise Linux"`; OS_FULLNAME=`grep "Enterprise Linux" /etc/redhat-release`;
OS_VERSION="${OS_FULLNAME}"; OS_VERSION="${OS_FULLNAME}";
fi fi
@ -218,7 +218,7 @@
FIND=`grep "Oracle Linux Server" /etc/oracle-release` FIND=`grep "Oracle Linux Server" /etc/oracle-release`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
LINUX_VERSION="Oracle Enterprise Linux"; LINUX_VERSION="Oracle Enterprise Linux";
OS_FULLNAME=`cat /etc/oracle-release | grep "Oracle Linux"`; OS_FULLNAME=`grep "Oracle Linux" /etc/oracle-release`;
OS_VERSION="${OS_FULLNAME}"; OS_VERSION="${OS_FULLNAME}";
fi fi
fi fi
@ -228,7 +228,7 @@
FIND=`grep "Oracle VM" /etc/ovs-release` FIND=`grep "Oracle VM" /etc/ovs-release`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
LINUX_VERSION="Oracle VM Server"; LINUX_VERSION="Oracle VM Server";
OS_FULLNAME=`cat /etc/ovs-release | grep "Oracle VM"`; OS_FULLNAME=`grep "Oracle VM" /etc/ovs-release`;
OS_VERSION="${OS_FULLNAME}"; OS_VERSION="${OS_FULLNAME}";
fi fi
fi fi
@ -236,7 +236,7 @@
# Red Hat # Red Hat
FIND=`grep "Red Hat" /etc/redhat-release` FIND=`grep "Red Hat" /etc/redhat-release`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
OS_FULLNAME=`cat /etc/redhat-release | grep "Red Hat"` OS_FULLNAME=`grep "Red Hat" /etc/redhat-release`
OS_VERSION="${OS_FULLNAME}" OS_VERSION="${OS_FULLNAME}"
LINUX_VERSION="Red Hat" LINUX_VERSION="Red Hat"
fi fi
@ -244,7 +244,7 @@
# Scientific # Scientific
FIND=`grep "Scientific" /etc/redhat-release` FIND=`grep "Scientific" /etc/redhat-release`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
OS_FULLNAME=`cat /etc/redhat-release | grep "^Scientific"` OS_FULLNAME=`grep "^Scientific" /etc/redhat-release`
OS_VERSION=`grep "^Scientific" /etc/redhat-release | awk '{ if ($3=="release") { print $4 } }'` OS_VERSION=`grep "^Scientific" /etc/redhat-release | awk '{ if ($3=="release") { print $4 } }'`
LINUX_VERSION="Scientific" LINUX_VERSION="Scientific"
fi fi
@ -273,7 +273,7 @@
fi fi
if [ -f /etc/SLOX-release ]; then if [ -f /etc/SLOX-release ]; then
OS_FULLNAME=`cat /etc/SLOX-release | grep "SuSE Linux"` OS_FULLNAME=`grep "SuSE Linux" /etc/SLOX-release`
LINUX_VERSION="SuSE" LINUX_VERSION="SuSE"
fi fi

View File

@ -20,7 +20,7 @@
# #
Display --indent 2 --text "- Checking profile file (${PROFILE})..." Display --indent 2 --text "- Checking profile file (${PROFILE})..."
logtext "Reading profile/configuration ${PROFILE}" logtext "Reading profile/configuration ${PROFILE}"
FIND=`cat ${PROFILE} | grep '^config:' | sed 's/ /!space!/g'` FIND=`grep '^config:' ${PROFILE} | sed 's/ /!space!/g'`
for I in ${FIND}; do for I in ${FIND}; do
OPTION=`echo ${I} | cut -d ':' -f2` OPTION=`echo ${I} | cut -d ':' -f2`
VALUE=`echo ${I} | cut -d ':' -f3 | sed 's/!space!/ /g'` VALUE=`echo ${I} | cut -d ':' -f3 | sed 's/!space!/ /g'`

View File

@ -102,7 +102,7 @@
if [ "${CUSTOM_URL_APPEND}" = "" ]; then CUSTOM_URL_APPEND="/"; fi if [ "${CUSTOM_URL_APPEND}" = "" ]; then CUSTOM_URL_APPEND="/"; fi
# Show warnings from logfile # Show warnings from logfile
SWARNINGS=`cat ${LOGFILE} | grep -i 'warning:' | sed 's/ /!space!/g'` SWARNINGS=`grep -i 'warning:' ${LOGFILE} | sed 's/ /!space!/g'`
if [ "${SWARNINGS}" = "" ]; then if [ "${SWARNINGS}" = "" ]; then
echo " ${OK}No warnings${NORMAL}"; echo "" echo " ${OK}No warnings${NORMAL}"; echo ""

View File

@ -69,7 +69,7 @@
fi fi
# Check password file # Check password file
if [ -f ${PASSWD_FILE} ]; then if [ -f ${PASSWD_FILE} ]; then
FIND=`cat ${PASSWD_FILE} | grep -v '^#' | cut -d ':' -f3 | sort | uniq -d` FIND=`grep -v '^#' ${PASSWD_FILE} | cut -d ':' -f3 | sort | uniq -d`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
Display --indent 2 --text "- Checking for non-unique UIDs" --result OK --color GREEN Display --indent 2 --text "- Checking for non-unique UIDs" --result OK --color GREEN
logtext "Result: all accounts found in ${PASSWD_FILE} are unique" logtext "Result: all accounts found in ${PASSWD_FILE} are unique"
@ -155,7 +155,7 @@
logtext "Test: Checking login shells" logtext "Test: Checking login shells"
if [ -f /etc/master.passwd ]; then if [ -f /etc/master.passwd ]; then
# Check for all shells, except: (/usr)/sbin/nologin /nonexistent # Check for all shells, except: (/usr)/sbin/nologin /nonexistent
FIND=`cat /etc/master.passwd | grep "[a-z]:\*:" | egrep -v '^#|/sbin/nologin|/usr/sbin/nologin|/nonexistent' | sed 's/ /!space!/g'` FIND=`grep "[a-z]:\*:" /etc/master.passwd | egrep -v '^#|/sbin/nologin|/usr/sbin/nologin|/nonexistent' | sed 's/ /!space!/g'`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
Display --indent 2 --text "- Checking login shells" --result OK --color GREEN Display --indent 2 --text "- Checking login shells" --result OK --color GREEN
else else
@ -194,7 +194,7 @@
Register --test-no AUTH-9222 --weight L --network NO --description "Check for non unique groups" Register --test-no AUTH-9222 --weight L --network NO --description "Check for non unique groups"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: Checking for non unique group ID's in /etc/group" logtext "Test: Checking for non unique group ID's in /etc/group"
FIND=`cat /etc/group | grep -v '^#' | grep -v '^$' | awk -F: '{ print $3 }' | sort | uniq -d` FIND=`grep -v '^#' /etc/group | grep -v '^$' | awk -F: '{ print $3 }' | sort | uniq -d`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
Display --indent 2 --text "- Checking non unique group ID's" --result OK --color GREEN Display --indent 2 --text "- Checking non unique group ID's" --result OK --color GREEN
logtext "Result: All group ID's are unique" logtext "Result: All group ID's are unique"
@ -215,7 +215,7 @@
Register --test-no AUTH-9226 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check non unique group names" Register --test-no AUTH-9226 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check non unique group names"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: Checking for non unique group names in /etc/group" logtext "Test: Checking for non unique group names in /etc/group"
FIND=`cat /etc/group | grep -v '^#' | grep -v '^$' | awk -F: '{ print $1 }' | sort | uniq -d` FIND=`grep -v '^#' /etc/group | grep -v '^$' | awk -F: '{ print $1 }' | sort | uniq -d`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
Display --indent 2 --text "- Checking non unique group names" --result OK --color GREEN Display --indent 2 --text "- Checking non unique group names" --result OK --color GREEN
logtext "Result: All group names are unique" logtext "Result: All group names are unique"
@ -497,7 +497,7 @@
logtext "Result: file /etc/pam.conf exists" logtext "Result: file /etc/pam.conf exists"
Display --indent 2 --text "- Checking PAM configuration files (pam.conf)" --result FOUND --color GREEN Display --indent 2 --text "- Checking PAM configuration files (pam.conf)" --result FOUND --color GREEN
logtext "Test: searching PAM configuration files" logtext "Test: searching PAM configuration files"
FIND=`cat /etc/pam.conf | grep -v "^#" | grep -v "^$" | sed 's/[[:space:]]/ /g' | sed 's/ / /g' | sed 's/ /:space:/g'` FIND=`grep -v "^#" /etc/pam.conf | grep -v "^$" | sed 's/[[:space:]]/ /g' | sed 's/ / /g' | sed 's/ /:space:/g'`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
logtext "Result: File has no configuration options defined (empty, or only filled with comments and empty lines)" logtext "Result: File has no configuration options defined (empty, or only filled with comments and empty lines)"
else else
@ -577,7 +577,7 @@
if [ -f /etc/pam.d/common-auth ]; then if [ -f /etc/pam.d/common-auth ]; then
logtext "Result: file /etc/pam.d/common-auth exists" logtext "Result: file /etc/pam.d/common-auth exists"
logtext "Test: checking presence LDAP module" logtext "Test: checking presence LDAP module"
FIND=`cat /etc/pam.d/common-auth | grep "^auth" | grep "ldap"` FIND=`grep "^auth.*ldap" /etc/pam.d/common-auth`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
logtext "Result: LDAP module present" logtext "Result: LDAP module present"
logtext "Output: ${FIND}" logtext "Output: ${FIND}"
@ -950,7 +950,7 @@
FOUND=0 FOUND=0
WEAK_UMASK=0 WEAK_UMASK=0
logtext "Result: file /etc/login.conf exists" logtext "Result: file /etc/login.conf exists"
FIND=`cat /etc/login.conf | grep "umask" | sed 's/#.*//' | sed -E 's/^[[:cntrl:]]//' | grep -v '^$' | awk -F: '{ print $2}' | awk -F= '{ if ($1=="umask") { print $2 }}'` FIND=`grep "umask" /etc/login.conf | sed 's/#.*//' | sed -E 's/^[[:cntrl:]]//' | grep -v '^$' | awk -F: '{ print $2}' | awk -F= '{ if ($1=="umask") { print $2 }}'`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
for UMASK_VALUE in ${FIND}; do for UMASK_VALUE in ${FIND}; do
case ${UMASK_VALUE} in case ${UMASK_VALUE} in

View File

@ -66,7 +66,7 @@
case ${OS} in case ${OS} in
"Linux") "Linux")
if [ -f /proc/1/cmdline ]; then if [ -f /proc/1/cmdline ]; then
FILE=`cat /proc/1/cmdline | grep "^/" | awk '{ print $1 }'` FILE=`awk '/^\// { print $1 }' /proc/1/cmdline`
if [ ! "${FILE}" = "" ]; then if [ ! "${FILE}" = "" ]; then
if [ -L ${FILE} ]; then if [ -L ${FILE} ]; then
ShowSymlinkPath ${FILE} ShowSymlinkPath ${FILE}
@ -235,10 +235,10 @@
logtext "Found file ${GRUBCONFFILE}, proceeding with tests." logtext "Found file ${GRUBCONFFILE}, proceeding with tests."
FileIsReadable ${GRUBCONFFILE} FileIsReadable ${GRUBCONFFILE}
if [ ${CANREAD} -eq 1 ]; then if [ ${CANREAD} -eq 1 ]; then
FIND=`cat ${GRUBCONFFILE} | grep 'password --md5' | grep -v '^#'` FIND=`grep 'password --md5' ${GRUBCONFFILE} | grep -v '^#'`
FIND2=`cat ${GRUBCONFFILE} | grep 'password --encrypted' | grep -v '^#'` FIND2=`grep 'password --encrypted' ${GRUBCONFFILE} | grep -v '^#'`
FIND3=`cat ${GRUBCONFFILE} | grep 'set superusers' | grep -v '^#'` FIND3=`grep 'set superusers' ${GRUBCONFFILE} | grep -v '^#'`
FIND4=`cat ${GRUBCONFFILE} | grep 'password_pbkdf2' | grep -v '^#'` FIND4=`grep 'password_pbkdf2' ${GRUBCONFFILE} | grep -v '^#'`
# GRUB1: MD5 or SHA1 # GRUB1: MD5 or SHA1
if [ ! "${FIND}" = "" -o ! "${FIND2}" = "" ]; then if [ ! "${FIND}" = "" -o ! "${FIND2}" = "" ]; then
FOUND=1 FOUND=1
@ -313,7 +313,7 @@
BOOT_LOADER_FOUND=1 BOOT_LOADER_FOUND=1
Display --indent 2 --text "- Checking presence LILO" --result "OK" --color GREEN Display --indent 2 --text "- Checking presence LILO" --result "OK" --color GREEN
logtext "Checking password option LILO" logtext "Checking password option LILO"
FIND=`cat ${LILOCONFFILE} | ${EGREPBINARY} 'password[[:space:]]?=' | grep -v "^#"` FIND=`${EGREPBINARY} 'password[[:space:]]?=' ${LILOCONFFILE} | grep -v "^#"`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
Display --indent 4 --text "- Password option presence " --result "WARNING" --color RED Display --indent 4 --text "- Password option presence " --result "WARNING" --color RED
logtext "Result: no password set for LILO. Bootloader is unprotected to" logtext "Result: no password set for LILO. Bootloader is unprotected to"

View File

@ -136,7 +136,7 @@
#Register --test-no DBS-1842 --weight L --network NO --description "Checking Oracle home paths" #Register --test-no DBS-1842 --weight L --network NO --description "Checking Oracle home paths"
#if [ ${SKIPTEST} -eq 0 ]; then #if [ ${SKIPTEST} -eq 0 ]; then
# if [ -f /etc/oratab ]; then # if [ -f /etc/oratab ]; then
# FIND=`cat /etc/oratab | grep -v "#" | awk -F: "{ print $2 }"` # FIND=`grep -v "#" /etc/oratab | awk -F: "{ print $2 }"`
# fi # fi
#fi #fi
# #

View File

@ -29,7 +29,7 @@
Display --indent 2 --text "- Starting file permissions check" Display --indent 2 --text "- Starting file permissions check"
logtext "Test: Checking file permissions" logtext "Test: Checking file permissions"
logtext "Using profile ${PROFILE} for baseline." logtext "Using profile ${PROFILE} for baseline."
FIND=`cat ${PROFILE} | egrep '^permfile:|^permdir:' | cut -d: -f2` FIND=`egrep '^permfile:|^permdir:' ${PROFILE} | cut -d: -f2`
for I in ${FIND}; do for I in ${FIND}; do
logtext "Checking ${I}" logtext "Checking ${I}"
CheckFilePermissions ${I} CheckFilePermissions ${I}

View File

@ -71,7 +71,7 @@
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Check if any service is enabled in /etc/inetd.conf (inetd is not active, see test 8002) # Check if any service is enabled in /etc/inetd.conf (inetd is not active, see test 8002)
logtext "Test: check if all services are disabled if inetd is disabled" logtext "Test: check if all services are disabled if inetd is disabled"
FIND=`cat ${INETD_CONFIG_FILE} | grep -v "^#" | grep -v "^$"` FIND=`grep -v "^#" ${INETD_CONFIG_FILE} | grep -v "^$"`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
Display --indent 4 --text "- Checking inetd.conf services" --result OK --color GREEN Display --indent 4 --text "- Checking inetd.conf services" --result OK --color GREEN
else else

View File

@ -105,9 +105,9 @@
if [ -f /proc/cpuinfo ]; then if [ -f /proc/cpuinfo ]; then
logtext "Result: found /proc/cpuinfo" logtext "Result: found /proc/cpuinfo"
logtext "Test: Checking CPU options (XD/NX/PAE)" logtext "Test: Checking CPU options (XD/NX/PAE)"
FIND_PAE_NX=`cat /proc/cpuinfo | grep " pae " | grep " nx "` FIND_PAE_NX=`grep " pae " /proc/cpuinfo | grep " nx "`
FIND_PAE=`cat /proc/cpuinfo | grep " pae "` FIND_PAE=`grep " pae " /proc/cpuinfo`
FIND_NX=`cat /proc/cpuinfo | grep " nx "` FIND_NX=`grep " nx " /proc/cpuinfo`
FOUND=0 FOUND=0
if [ ! "${FIND_PAE_NX}" = "" ]; then if [ ! "${FIND_PAE_NX}" = "" ]; then
logtext "PAE: Yes" logtext "PAE: Yes"
@ -380,8 +380,8 @@
if [ -f /etc/security/limits.conf ]; then if [ -f /etc/security/limits.conf ]; then
logtext "Result: file /etc/security/limits.conf exists" logtext "Result: file /etc/security/limits.conf exists"
logtext "Test: Checking if core dumps are disabled in /etc/security/limits.conf" logtext "Test: Checking if core dumps are disabled in /etc/security/limits.conf"
FIND1=`cat /etc/security/limits.conf | grep -v "^#" | grep -v "^$" | awk '{ if ($1=="*" && $2=="soft" && $3=="core" && $4=="1") { print "soft core enabled" } }'` FIND1=`grep -v "^#" /etc/security/limits.conf | grep -v "^$" | awk '{ if ($1=="*" && $2=="soft" && $3=="core" && $4=="1") { print "soft core enabled" } }'`
FIND2=`cat /etc/security/limits.conf | grep -v "^#" | grep -v "^$" | awk '{ if ($1=="*" && $2=="hard" && $3=="core" && $4=="1") { print "hard core enabled" } }'` FIND2=`grep -v "^#" /etc/security/limits.conf | grep -v "^$" | awk '{ if ($1=="*" && $2=="hard" && $3=="core" && $4=="1") { print "hard core enabled" } }'`
if [ "${FIND1}" = "soft core enabled" -o "${FIND2}" = "hard core enabled" ]; then if [ "${FIND1}" = "soft core enabled" -o "${FIND2}" = "hard core enabled" ]; then
logtext "Result: core dumps (soft or hard) are enabled" logtext "Result: core dumps (soft or hard) are enabled"
Display --indent 2 --text "- Checking core dumps configuration" --result ENABLED --color YELLOW Display --indent 2 --text "- Checking core dumps configuration" --result ENABLED --color YELLOW

View File

@ -380,7 +380,7 @@
Register --test-no LOGG-2162 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking directories in /etc/newsyslog.conf" Register --test-no LOGG-2162 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking directories in /etc/newsyslog.conf"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: parsing directories from /etc/newsyslog.conf file" logtext "Test: parsing directories from /etc/newsyslog.conf file"
FIND=`cat /etc/newsyslog.conf | sort -u | grep "^/" | awk '{ print $1 }' | sed 's/\/*[a-zA-Z_.-]*$//g' | sort -u` FIND=`awk '/^\// { print $1 }' /etc/newsyslog.conf | sed 's/\/*[a-zA-Z_.-]*$//g' | sort -u`
for I in ${FIND}; do for I in ${FIND}; do
if [ -d ${I} ]; then if [ -d ${I} ]; then
logtext "Result: Directory ${I} found and exists" logtext "Result: Directory ${I} found and exists"
@ -400,7 +400,7 @@
Register --test-no LOGG-2164 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking files specified /etc/newsyslog.conf" Register --test-no LOGG-2164 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking files specified /etc/newsyslog.conf"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: parsing files from /etc/newsyslog.conf file" logtext "Test: parsing files from /etc/newsyslog.conf file"
FIND=`cat /etc/newsyslog.conf | sort -u | grep "^/" | awk '{ print $1 }'` FIND=`awk '/^\// { print $1 }' /etc/newsyslog.conf | sort -u`
for I in ${FIND}; do for I in ${FIND}; do
if [ -f ${I} ]; then if [ -f ${I} ]; then
logtext "Result: File ${I} found and exists" logtext "Result: File ${I} found and exists"

View File

@ -29,7 +29,7 @@
if [ -f /proc/meminfo ]; then if [ -f /proc/meminfo ]; then
logtext "Result: found /proc/meminfo" logtext "Result: found /proc/meminfo"
Display --indent 2 --text "- Checking /proc/meminfo" --result FOUND --color GREEN Display --indent 2 --text "- Checking /proc/meminfo" --result FOUND --color GREEN
FIND=`cat /proc/meminfo | grep "^MemTotal" | tr -s ' ' | awk '{ print $2" "$3 }'` FIND=`awk '/^MemTotal/ { print $2, $3 }' /proc/meminfo`
MEMORY_SIZE=`echo ${FIND} | awk '{ print $1 }'` MEMORY_SIZE=`echo ${FIND} | awk '{ print $1 }'`
MEMORY_UNITS=`echo ${FIND} | awk '{ print $2 }'` MEMORY_UNITS=`echo ${FIND} | awk '{ print $2 }'`
logtext "Result: Found ${MEMORY_SIZE} ${MEMORY_UNITS} memory" logtext "Result: Found ${MEMORY_SIZE} ${MEMORY_UNITS} memory"

View File

@ -42,7 +42,7 @@
logtext "Test: check /etc/resolv.conf for default domain" logtext "Test: check /etc/resolv.conf for default domain"
if [ -f /etc/resolv.conf ]; then if [ -f /etc/resolv.conf ]; then
logtext "Result: /etc/resolv.conf found" logtext "Result: /etc/resolv.conf found"
FIND=`cat /etc/resolv.conf | grep "^domain" | awk '{ print $2 }'` FIND=`awk '/^domain/ { print $2 }' /etc/resolv.conf`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
logtext "Result: no default domain found" logtext "Result: no default domain found"
Display --indent 2 --text "- Checking default DNS search domain" --result NONE --color WHITE Display --indent 2 --text "- Checking default DNS search domain" --result NONE --color WHITE
@ -67,7 +67,7 @@
logtext "Test: check /etc/resolv.conf for search domains" logtext "Test: check /etc/resolv.conf for search domains"
if [ -f /etc/resolv.conf ]; then if [ -f /etc/resolv.conf ]; then
logtext "Result: /etc/resolv.conf found" logtext "Result: /etc/resolv.conf found"
FIND=`cat /etc/resolv.conf | grep "^search" | sed 's/^search //'` FIND=`awk '/^search/ { print $2 }' /etc/resolv.conf`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
logtext "Result: no search domains found, default domain is being used" logtext "Result: no search domains found, default domain is being used"
else else
@ -92,7 +92,7 @@
fi fi
# Check amount of search domains (max 1) # Check amount of search domains (max 1)
FIND=`cat /etc/resolv.conf | grep "^search" | wc -l | tr -s ' ' | tr -d ' '` FIND=`grep -c "^search" /etc/resolv.conf`
if [ ! "${FIND}" = "0" -a ! "${FIND}" = "1" ]; then if [ ! "${FIND}" = "0" -a ! "${FIND}" = "1" ]; then
logtext "Result: found ${FIND} line(s) with a search statement (expecting less than 2 lines)" logtext "Result: found ${FIND} line(s) with a search statement (expecting less than 2 lines)"
Display --indent 4 --text "- Checking search domains lines" --result "CONFIG ERROR" --color YELLOW Display --indent 4 --text "- Checking search domains lines" --result "CONFIG ERROR" --color YELLOW
@ -452,7 +452,7 @@
Register --test-no NAME-4236 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PowerDNS backends" Register --test-no NAME-4236 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PowerDNS backends"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: Checking for PowerDNS backends" logtext "Test: Checking for PowerDNS backends"
FIND=`cat ${POWERDNS_AUTH_CONFIG_LOCATION} | grep "^launch" | awk -F= '{ print $2 }'` FIND=`awk -F= '/^launch/ { print $2 }' ${POWERDNS_AUTH_CONFIG_LOCATION}`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
for I in ${FIND}; do for I in ${FIND}; do
logtext "Found backend: ${I}" logtext "Found backend: ${I}"
@ -472,7 +472,7 @@
Register --test-no NAME-4238 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PowerDNS authoritive status" Register --test-no NAME-4238 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PowerDNS authoritive status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: Checking for PowerDNS master status" logtext "Test: Checking for PowerDNS master status"
FIND=`cat ${POWERDNS_AUTH_CONFIG_LOCATION} | grep "^master=yes"` FIND=`grep "^master=yes" ${POWERDNS_AUTH_CONFIG_LOCATION}`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
logtext "Found master=yes in configuration file" logtext "Found master=yes in configuration file"
Display --indent 4 --text "- PowerDNS authoritive master: YES" Display --indent 4 --text "- PowerDNS authoritive master: YES"
@ -482,7 +482,7 @@
Display --indent 4 --text "- PowerDNS authoritive master: NO" Display --indent 4 --text "- PowerDNS authoritive master: NO"
fi fi
logtext "Test: Checking for PowerDNS slave status" logtext "Test: Checking for PowerDNS slave status"
FIND=`cat ${POWERDNS_AUTH_CONFIG_LOCATION} | grep "^slave=yes"` FIND=`grep "^slave=yes" ${POWERDNS_AUTH_CONFIG_LOCATION}`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
logtext "Found slave=yes in configuration file" logtext "Found slave=yes in configuration file"
Display --indent 4 --text "- PowerDNS authoritive slave: YES" Display --indent 4 --text "- PowerDNS authoritive slave: YES"
@ -588,7 +588,7 @@
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: check duplicate line in /etc/hosts" logtext "Test: check duplicate line in /etc/hosts"
if [ -f /etc/hosts ]; then if [ -f /etc/hosts ]; then
sFIND=`cat /etc/hosts | egrep -v '^(#|$)' | sort | uniq -d` sFIND=`egrep -v '^(#|$)' /etc/hosts | awk '{ print $1, $2 }' | sort | uniq -d`
if [ "${sFIND}" = "" ]; then if [ "${sFIND}" = "" ]; then
logtext "Result: OK, no duplicate lines found" logtext "Result: OK, no duplicate lines found"
Display --indent 4 --text "- Checking /etc/hosts (duplicates)" --result OK --color GREEN Display --indent 4 --text "- Checking /etc/hosts (duplicates)" --result OK --color GREEN
@ -613,7 +613,7 @@
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: Check /etc/hosts contains an entry for this server name" logtext "Test: Check /etc/hosts contains an entry for this server name"
if [ -f /etc/hosts ]; then if [ -f /etc/hosts ]; then
sFIND=`cat /etc/hosts | egrep -v '^(#|$|^::1\s|localhost)' | grep ${HOSTNAME}` sFIND=`egrep -v '^(#|$|^::1\s|localhost)' /etc/hosts | grep ${HOSTNAME}`
if [ "${sFIND}" != "" ]; then if [ "${sFIND}" != "" ]; then
logtext "Result: Found entry for ${HOSTNAME} in /etc/hosts" logtext "Result: Found entry for ${HOSTNAME} in /etc/hosts"
Display --indent 4 --text "- Checking /etc/hosts (hostname)" --result OK --color GREEN Display --indent 4 --text "- Checking /etc/hosts (hostname)" --result OK --color GREEN
@ -634,7 +634,7 @@
Register --test-no NAME-4406 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check server hostname mapping" Register --test-no NAME-4406 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check server hostname mapping"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: Check server hostname not locally mapped in /etc/hosts" logtext "Test: Check server hostname not locally mapped in /etc/hosts"
sFIND=`cat /etc/hosts | egrep -v '^(#|$)' | egrep '(localhost|^::1\s)' | grep -w ${HOSTNAME}` sFIND=`egrep -v '^(#|$)' /etc/hosts | egrep '(localhost|^::1\s)' | grep -w ${HOSTNAME}`
if [ ! "${sFIND}" = "" ]; then if [ ! "${sFIND}" = "" ]; then
logtext "Result: Found this server hostname mapped to a local address" logtext "Result: Found this server hostname mapped to a local address"
Display --indent 4 --text "- Checking /etc/hosts (localhost)" --result SUGGESTION --color YELLOW Display --indent 4 --text "- Checking /etc/hosts (localhost)" --result SUGGESTION --color YELLOW

View File

@ -147,7 +147,7 @@
Register --test-no PHP-2368 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP register_globals option" Register --test-no PHP-2368 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP register_globals option"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: Checking PHP register_globals option" logtext "Test: Checking PHP register_globals option"
FIND=`cat ${PHPINIFILE} | egrep -i 'register_globals.*(on|yes|1)' | grep -v '^;'` FIND=`egrep -i 'register_globals.*(on|yes|1)' ${PHPINIFILE} | grep -v '^;'`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
Display --indent 4 --text "- Checking register_globals option" --result WARNING --color RED Display --indent 4 --text "- Checking register_globals option" --result WARNING --color RED
ReportWarning ${TEST_NO} "M" "PHP option register_globals option is turned on, which can be a risk for variable value overwriting" ReportWarning ${TEST_NO} "M" "PHP option register_globals option is turned on, which can be a risk for variable value overwriting"
@ -171,7 +171,7 @@
Register --test-no PHP-2372 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP expose_php option" Register --test-no PHP-2372 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP expose_php option"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: Checking expose_php option" logtext "Test: Checking expose_php option"
FIND=`cat ${PHPINIFILE} | egrep -i 'expose_php.*(off|no|0)' | grep -v '^;'` FIND=`egrep -i 'expose_php.*(off|no|0)' ${PHPINIFILE} | grep -v '^;'`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
Display --indent 4 --text "- Checking expose_php option" --result ON --color RED Display --indent 4 --text "- Checking expose_php option" --result ON --color RED
ReportWarning ${TEST_NO} "M" "PHP option expose_php is possibly turned on, which can reveal useful information for attackers." ReportWarning ${TEST_NO} "M" "PHP option expose_php is possibly turned on, which can reveal useful information for attackers."
@ -195,7 +195,7 @@
Register --test-no PHP-2374 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP enable_dl option" Register --test-no PHP-2374 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP enable_dl option"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: Checking PHP enable_dl option" logtext "Test: Checking PHP enable_dl option"
FIND=`cat ${PHPINIFILE} | egrep -i 'enable_dl.*(off|no|0)' | grep -v '^;'` FIND=`egrep -i 'enable_dl.*(off|no|0)' ${PHPINIFILE} | grep -v '^;'`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
Display --indent 4 --text "- Checking enable_dl option" --result ON --color YELLOW Display --indent 4 --text "- Checking enable_dl option" --result ON --color YELLOW
report "Result: enable_dl option is turned on, which can be used for riskful downloads via PHP" report "Result: enable_dl option is turned on, which can be used for riskful downloads via PHP"
@ -218,7 +218,7 @@
Register --test-no PHP-2376 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP allow_url_fopen option" Register --test-no PHP-2376 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP allow_url_fopen option"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: Checking PHP allow_url_fopen option" logtext "Test: Checking PHP allow_url_fopen option"
FIND=`cat ${PHPINIFILE} | egrep -i 'allow_url_fopen.*(off|no|0)' | grep -v '^;'` FIND=`egrep -i 'allow_url_fopen.*(off|no|0)' ${PHPINIFILE} | grep -v '^;'`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
Display --indent 4 --text "- Checking allow_url_fopen option" --result ON --color YELLOW Display --indent 4 --text "- Checking allow_url_fopen option" --result ON --color YELLOW
report "Result: allow_url_fopen option is turned on, which can be used for riskful downloads via PHP" report "Result: allow_url_fopen option is turned on, which can be used for riskful downloads via PHP"
@ -241,7 +241,7 @@
Register --test-no PHP-2378 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP allow_url_include option" Register --test-no PHP-2378 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP allow_url_include option"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: Checking PHP allow_url_include option" logtext "Test: Checking PHP allow_url_include option"
FIND=`cat ${PHPINIFILE} | egrep -i 'allow_url_include.*(off|no|0)' | grep -v '^;'` FIND=`egrep -i 'allow_url_include.*(off|no|0)' ${PHPINIFILE} | grep -v '^;'`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
Display --indent 4 --text "- Checking allow_url_include option" --result ON --color YELLOW Display --indent 4 --text "- Checking allow_url_include option" --result ON --color YELLOW
report "Result: allow_url_include option is turned on, which can be used for riskful downloads via PHP" report "Result: allow_url_include option is turned on, which can be used for riskful downloads via PHP"

View File

@ -47,7 +47,7 @@
Register --test-no SHLL-6202 --os FreeBSD --weight L --network NO --description "Check console TTYs" Register --test-no SHLL-6202 --os FreeBSD --weight L --network NO --description "Check console TTYs"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: Checking console TTYs" logtext "Test: Checking console TTYs"
FIND=`cat /etc/ttys | egrep '^console' | grep -v 'insecure'` FIND=`egrep '^console' /etc/ttys | grep -v 'insecure'`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
Display --indent 2 --text "- Checking console TTYs" --result OK --color GREEN Display --indent 2 --text "- Checking console TTYs" --result OK --color GREEN
logtext "Result: console is secured against single user mode without password." logtext "Result: console is secured against single user mode without password."
@ -71,7 +71,7 @@
if [ -f /etc/shells ]; then if [ -f /etc/shells ]; then
logtext "Result: Found /etc/shells file" logtext "Result: Found /etc/shells file"
logtext "Test: Reading available shells from /etc/shells" logtext "Test: Reading available shells from /etc/shells"
SSHELLS=`cat /etc/shells | grep "^/"` SSHELLS=`grep "^/" /etc/shells`
CSSHELLS=0; CSSHELLS_ALL=0 CSSHELLS=0; CSSHELLS_ALL=0
Display --indent 2 --text "- Checking shells from /etc/shells" Display --indent 2 --text "- Checking shells from /etc/shells"
for I in ${SSHELLS}; do for I in ${SSHELLS}; do
@ -113,9 +113,9 @@
if [ -f /etc/profile ]; then if [ -f /etc/profile ]; then
# Determine if we can find a TMOUT value # Determine if we can find a TMOUT value
FIND=`cat /etc/profile | grep 'TMOUT=' | tr -d ' ' | tr -d '\t' | grep -v "^#" | sed 's/export//' | sed 's/#.*//' | awk -F= '{ print $2 }'` FIND=`grep 'TMOUT=' /etc/profile | tr -d ' ' | tr -d '\t' | grep -v "^#" | sed 's/export//' | sed 's/#.*//' | awk -F= '{ print $2 }'`
# Determine if the value is exported (with export, readonly, or typeset) # Determine if the value is exported (with export, readonly, or typeset)
FIND2=`cat /etc/profile | grep '\(export\|readonly\|typeset -r\)[ \t]*TMOUT' | grep -v "^#" | sed 's/#.*//' | awk '{ print $1 }'` FIND2=`grep '\(export\|readonly\|typeset -r\)[ \t]*TMOUT' /etc/profile | grep -v "^#" | sed 's/#.*//' | awk '{ print $1 }'`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
N=0; IDLE_TIMEOUT=1 N=0; IDLE_TIMEOUT=1
for I in ${FIND}; do for I in ${FIND}; do

View File

@ -75,7 +75,7 @@
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
WARN=0 WARN=0
logtext "Test: reading active snmp communities" logtext "Test: reading active snmp communities"
FIND=`cat ${SNMPD_DAEMON_CONFIG} | grep "^com2sec" | ${AWKBINARY} '{ print $4 }'` FIND=`${AWKBINARY} '/^com2sec/ { print $4 }' ${SNMPD_DAEMON_CONFIG}`
for I in ${FIND}; do for I in ${FIND}; do
logtext "Output: ${I}" logtext "Output: ${I}"
if [ "${I}" = "public" -o "${I}" = "private" ]; then if [ "${I}" = "public" -o "${I}" = "private" ]; then

View File

@ -110,7 +110,7 @@
Register --test-no SQD-3610 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid version" Register --test-no SQD-3610 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid version"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: Checking all specific defined options in ${SQUID_DAEMON_CONFIG}" logtext "Test: Checking all specific defined options in ${SQUID_DAEMON_CONFIG}"
FIND=`cat ${SQUID_DAEMON_CONFIG} | grep -v "^#" | grep -v "^$" | ${AWKBINARY} '{gsub("\t"," ");print}' | sed 's/ /!space!/g'` FIND=`grep -v "^#" ${SQUID_DAEMON_CONFIG} | grep -v "^$" | ${AWKBINARY} '{gsub("\t"," ");print}' | sed 's/ /!space!/g'`
for I in ${FIND}; do for I in ${FIND}; do
I=`echo ${I} | sed 's/!space!/ /g'` I=`echo ${I} | sed 's/!space!/ /g'`
logtext "Found Squid option: ${I}" logtext "Found Squid option: ${I}"

View File

@ -86,7 +86,7 @@
Register --test-no SSH-7408 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SSH defined options" Register --test-no SSH-7408 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SSH defined options"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: Checking all specific defined options in ${SSH_DAEMON_CONFIG}" logtext "Test: Checking all specific defined options in ${SSH_DAEMON_CONFIG}"
FIND=`cat ${SSH_DAEMON_CONFIG} | grep -v "^#" | grep -v "^$" | ${AWKBINARY} '{gsub("\t"," ");print}' | sed 's/ /!space!/g'` FIND=`grep -v "^#" ${SSH_DAEMON_CONFIG} | grep -v "^$" | ${AWKBINARY} '{gsub("\t"," ");print}' | sed 's/ /!space!/g'`
for I in ${FIND}; do for I in ${FIND}; do
I=`echo ${I} | sed 's/!space!/ /g'` I=`echo ${I} | sed 's/!space!/ /g'`
logtext "Found SSH option: ${I}" logtext "Found SSH option: ${I}"
@ -102,7 +102,7 @@
Register --test-no SSH-7412 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SSH option: PermitRootLogin" Register --test-no SSH-7412 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SSH option: PermitRootLogin"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: check PermitRootLogin option" logtext "Test: check PermitRootLogin option"
FIND=`cat ${SSH_DAEMON_CONFIG} | grep "^PermitRootLogin" | awk '{ print $2 }'` FIND=`awk '/^PermitRootLogin/ { print $2 }' ${SSH_DAEMON_CONFIG}`
if [ "${FIND}" = "yes" -o "${FIND}" = "YES" -o "${FIND}" = "Yes" ]; then if [ "${FIND}" = "yes" -o "${FIND}" = "YES" -o "${FIND}" = "Yes" ]; then
logtext "Result: PermitRootLogin is enabled, root can login directly" logtext "Result: PermitRootLogin is enabled, root can login directly"
Display --indent 4 --text "- SSH option: PermitRootLogin" --result WARNING --color RED Display --indent 4 --text "- SSH option: PermitRootLogin" --result WARNING --color RED
@ -134,7 +134,7 @@
Register --test-no SSH-7414 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SSH option: Protocol" Register --test-no SSH-7414 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SSH option: Protocol"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: check allowed SSH protocol versions" logtext "Test: check allowed SSH protocol versions"
FIND=`cat ${SSH_DAEMON_CONFIG} | grep "^Protocol" | awk '{ print $2 }'` FIND=`awk '/^Protocol/ { print $2 }' ${SSH_DAEMON_CONFIG}`
if [ "${FIND}" = "1" -o "${FIND}" = "2,1" -o "${FIND}" = "1,2" ]; then if [ "${FIND}" = "1" -o "${FIND}" = "2,1" -o "${FIND}" = "1,2" ]; then
logtext "Result: Protocol option is set to allow SSH protocol version 1" logtext "Result: Protocol option is set to allow SSH protocol version 1"
Display --indent 4 --text "- SSH option: Protocol" --result WARNING --color RED Display --indent 4 --text "- SSH option: Protocol" --result WARNING --color RED
@ -160,7 +160,7 @@
Register --test-no SSH-7416 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SSH option: StrictModes" Register --test-no SSH-7416 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SSH option: StrictModes"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: Check configured StrictModes option" logtext "Test: Check configured StrictModes option"
FIND=`cat ${SSH_DAEMON_CONFIG} | grep "^StrictModes" | awk '{ print $2 }'` FIND=`awk '/^StrictModes/ { print $2 }' ${SSH_DAEMON_CONFIG}`
if [ "${FIND}" = "no" -o "${FIND}" = "NO" -o "${FIND}" = "No" ]; then if [ "${FIND}" = "no" -o "${FIND}" = "NO" -o "${FIND}" = "No" ]; then
logtext "Result: StrictModes option is set to 'no', which means file permissions are NOT checked" logtext "Result: StrictModes option is set to 'no', which means file permissions are NOT checked"
Display --indent 4 --text "- SSH option: StrictModes" --result WARNING --color RED Display --indent 4 --text "- SSH option: StrictModes" --result WARNING --color RED

View File

@ -118,7 +118,7 @@
logtext "Test: check /etc/exports" logtext "Test: check /etc/exports"
if [ -f /etc/exports ]; then if [ -f /etc/exports ]; then
logtext "Result: /etc/exports exists" logtext "Result: /etc/exports exists"
FIND=`cat /etc/exports | grep -v "^$" | grep -v "^#" | sed 's/ /!space!/g'` FIND=`grep -v "^$" /etc/exports | grep -v "^#" | sed 's/ /!space!/g'`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
for I in ${FIND}; do for I in ${FIND}; do
I=`echo ${I} | sed 's/!space!/ /g'` I=`echo ${I} | sed 's/!space!/ /g'`

View File

@ -102,7 +102,7 @@
for I in ${CRONTAB_FILES}; do for I in ${CRONTAB_FILES}; do
if [ -f ${I} ]; then if [ -f ${I} ]; then
logtext "Test: checking for ntpdate or rdate in crontab file ${I}" logtext "Test: checking for ntpdate or rdate in crontab file ${I}"
FIND=`cat ${I} | ${EGREPBINARY} "ntpdate|rdate" | grep -v '^#'` FIND=`${EGREPBINARY} "ntpdate|rdate" ${I} | grep -v '^#'`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
FOUND=1; NTP_CONFIG_TYPE_SCHEDULED=1 FOUND=1; NTP_CONFIG_TYPE_SCHEDULED=1
Display --indent 2 --text "- Checking NTP client in crontab file (${I})" --result FOUND --color GREEN Display --indent 2 --text "- Checking NTP client in crontab file (${I})" --result FOUND --color GREEN

View File

@ -144,14 +144,14 @@
FileIsReadable ${I} FileIsReadable ${I}
if [ ${CANREAD} -eq 1 ]; then if [ ${CANREAD} -eq 1 ]; then
# Search Virtual Hosts # Search Virtual Hosts
for J in `cat ${I} | grep "ServerName" | grep -v "^#" | awk '{ if ($1=="ServerName") print $2 }'`; do for J in `grep "ServerName" ${I} | grep -v "^#" | awk '{ if ($1=="ServerName") print $2 }'`; do
if [ ! -z ${J} ]; then if [ ! -z ${J} ]; then
tVHOSTS="${tVHOSTS} ${J}" tVHOSTS="${tVHOSTS} ${J}"
cVHOSTS=`expr ${cVHOSTS} + 1` cVHOSTS=`expr ${cVHOSTS} + 1`
fi fi
done done
# Search Server aliases # Search Server aliases
for J in `cat ${I} | grep "ServerAlias" | grep -v "^#" | sed "s/.* ServerAlias//g" | sed "s/#.*//g"`; do for J in `grep "ServerAlias" ${I} | grep -v "^#" | sed "s/.* ServerAlias//g" | sed "s/#.*//g"`; do
if [ ! -z ${J} ]; then if [ ! -z ${J} ]; then
tVHOSTS="${tVHOSTS} ${J}" tVHOSTS="${tVHOSTS} ${J}"
cVHOSTS=`expr ${cVHOSTS} + 1` cVHOSTS=`expr ${cVHOSTS} + 1`
@ -200,12 +200,12 @@
# for APACHE_CONFIGFILE in ${APACHE_CONFIGFILES}; do # for APACHE_CONFIGFILE in ${APACHE_CONFIGFILES}; do
# if [ -f ${APACHE_CONFIGFILE} ]; then # if [ -f ${APACHE_CONFIGFILE} ]; then
# # Check if option ServerTokens is configured # # Check if option ServerTokens is configured
# SERVERTOKENSTEST=`cat ${APACHE_CONFIGFILE} | grep ServerTokens | grep -v '^#'` # SERVERTOKENSTEST=`grep ServerTokens ${APACHE_CONFIGFILE} | grep -v '^#'`
# if [ ! "${SERVERTOKENSTEST}" = "" ]; then # if [ ! "${SERVERTOKENSTEST}" = "" ]; then
# Display --indent 4 --text "- Checking option ServerTokens" --result FOUND --color WHITE # Display --indent 4 --text "- Checking option ServerTokens" --result FOUND --color WHITE
# SERVERTOKENSTEST=`echo ${SERVERTOKENSTEST} | sed 's/ServerTokens//' | tr -d ' '` # SERVERTOKENSTEST=`echo ${SERVERTOKENSTEST} | sed 's/ServerTokens//' | tr -d ' '`
# logtext "Option ServerTokens found: ${SERVERTOKENSTEST}" # logtext "Option ServerTokens found: ${SERVERTOKENSTEST}"
# SERVERTOKENSEXPECTED=`cat ${PROFILE} | grep 'apache' | grep 'ServerTokens' | cut -d ':' -f3` # SERVERTOKENSEXPECTED=`grep 'apache' ${PROFILE} | grep 'ServerTokens' | cut -d ':' -f3`
# if [ "${SERVERTOKENSEXPECTED}" = "${SERVERTOKENSTEST}" ]; then # if [ "${SERVERTOKENSEXPECTED}" = "${SERVERTOKENSTEST}" ]; then
# logtext "Result: Value from configuration file yielded the same output as in template" # logtext "Result: Value from configuration file yielded the same output as in template"
# SERVERTOKENSFOUND=1 # SERVERTOKENSFOUND=1
@ -420,7 +420,7 @@
# Remove temp file # Remove temp file
if [ ! "${TMPFILE}" = "" ]; then if [ -f ${TMPFILE} ]; then rm -f ${TMPFILE}; fi; fi if [ ! "${TMPFILE}" = "" ]; then if [ -f ${TMPFILE} ]; then rm -f ${TMPFILE}; fi; fi
N=0 N=0
cat ${NGINX_CONF_LOCATION} | sed -e 's/^[ ]*//' | grep -v "^#" | grep -v "^$" | sed 's/[ ]/ /g' | sed 's/ / /g' | sed 's/ / /g' >> ${TMPFILE} sed -e 's/^[ ]*//' ${NGINX_CONF_LOCATION} | grep -v "^#" | grep -v "^$" | sed 's/[ ]/ /g' | sed 's/ / /g' | sed 's/ / /g' >> ${TMPFILE}
# Search for included configuration files (may include directories and wild cards) # Search for included configuration files (may include directories and wild cards)
FIND=`grep "include" ${NGINX_CONF_LOCATION} | ${AWKBINARY} '{ if ($1=="include") { print $2 }}' | sed 's/;$//g'` FIND=`grep "include" ${NGINX_CONF_LOCATION} | ${AWKBINARY} '{ if ($1=="include") { print $2 }}' | sed 's/;$//g'`
for I in ${FIND}; do for I in ${FIND}; do
@ -433,7 +433,7 @@
report "nginx_sub_conf_file=${J}" report "nginx_sub_conf_file=${J}"
FileIsReadable ${J} FileIsReadable ${J}
if [ ${CANREAD} -eq 1 ]; then if [ ${CANREAD} -eq 1 ]; then
FIND3=`cat ${J} | sed -e 's/^[ ]*//' | grep -v "^#" | grep -v "^$" | sed 's/[ ]/ /g' | sed 's/ / /g' | sed 's/ / /g' >> ${TMPFILE}` FIND3=`sed -e 's/^[ ]*//' ${J} | grep -v "^#" | grep -v "^$" | sed 's/[ ]/ /g' | sed 's/ / /g' | sed 's/ / /g' >> ${TMPFILE}`
else else
ReportException "${TEST_NO}:1" "Can not parse file ${J}, as it is not readable" ReportException "${TEST_NO}:1" "Can not parse file ${J}, as it is not readable"
fi fi
@ -442,7 +442,7 @@
done done
# Sort all discovered configuration lines and store unique ones. Also strip out the mime types configured in nginx # Sort all discovered configuration lines and store unique ones. Also strip out the mime types configured in nginx
SORTFILE=`cat ${TMPFILE} | sort -u | sed 's/ /:space:/g' | egrep -v "(application|audio|image|text|video)/" | egrep -v "({|})"` SORTFILE=`sort -u ${TMPFILE} | sed 's/ /:space:/g' | egrep -v "(application|audio|image|text|video)/" | egrep -v "({|})"`
for I in ${SORTFILE}; do for I in ${SORTFILE}; do
I=`echo ${I} | sed 's/:space:/ /g'` I=`echo ${I} | sed 's/:space:/ /g'`
report "nginx_config_option=${I}"; report "nginx_config_option=${I}";