Update tests_firewalls

nser77 2024-10-16 11:34:20 +02:00 committed by GitHub
parent b1e1f61975
commit 86dd94c7bc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -137,29 +137,27 @@
if [ "${IPTABLES_TABLE}" = "filter" ] || [ "${IPTABLES_TABLE}" = "security" ]; then if [ "${IPTABLES_TABLE}" = "filter" ] || [ "${IPTABLES_TABLE}" = "security" ]; then
if [ "${IPTABLES_CHAIN}" = "INPUT" ]; then if [ "${IPTABLES_CHAIN}" = "INPUT" ]; then
if [ "${IPTABLES_TARGET}" = "ACCEPT" ]; then if [ "${IPTABLES_TARGET}" = "ACCEPT" ]; then
IPTABLES_OUTPUT_QUEUE="${IPTABLES_OUTPUT_QUEUE} ${IPTABLES_TABLE} ${IPTABLES_CHAIN} ${IPTABLES_TARGET} YELLOW" IPTABLES_OUTPUT_QUEUE="${IPTABLES_OUTPUT_QUEUE}\n${IPTABLES_TABLE} ${IPTABLES_CHAIN} ${IPTABLES_TARGET} YELLOW 1 3"
AddHP 1 3
elif [ "${IPTABLES_TARGET}" = "DROP" ]; then elif [ "${IPTABLES_TARGET}" = "DROP" ]; then
IPTABLES_OUTPUT_QUEUE="${IPTABLES_OUTPUT_QUEUE} ${IPTABLES_TABLE} ${IPTABLES_CHAIN} ${IPTABLES_TARGET} GREEN" IPTABLES_OUTPUT_QUEUE="${IPTABLES_OUTPUT_QUEUE}\n${IPTABLES_TABLE} ${IPTABLES_CHAIN} ${IPTABLES_TARGET} GREEN 3 3"
AddHP 3 3
fi fi
fi fi
if [ "${IPTABLES_CHAIN}" = "INPUT" ] || [ "${IPTABLES_CHAIN}" = "FORWARD" ] || [ "${IPTABLES_CHAIN}" = "OUTPUT" ]; then if [ "${IPTABLES_CHAIN}" = "INPUT" ] || [ "${IPTABLES_CHAIN}" = "FORWARD" ] || [ "${IPTABLES_CHAIN}" = "OUTPUT" ]; then
if [ "${IPTABLES_TARGET}" = "NFQUEUE" ]; then if [ "${IPTABLES_TARGET}" = "NFQUEUE" ]; then
IPTABLES_OUTPUT_QUEUE="${IPTABLES_OUTPUT_QUEUE} ${IPTABLES_TABLE} ${IPTABLES_CHAIN} ${IPTABLES_TARGET} RED" IPTABLES_OUTPUT_QUEUE="${IPTABLES_OUTPUT_QUEUE}\n${IPTABLES_TABLE} ${IPTABLES_CHAIN} ${IPTABLES_TARGET} RED 0 3"
AddHP 0 3
fi fi
fi fi
fi fi
done done
if [ -n "${IPTABLES_OUTPUT_QUEUE}" ]; then
# Sort output if sort tool is available # Sort output if sort tool is available
if [ -n "${SORTBINARY}" ]; then if [ -n "${SORTBINARY}" ]; then
LogText "Info: sorting output" LogText "Info: sorting output"
IPTABLES_OUTPUT="$(echo "${IPTABLES_OUTPUT_QUEUE}" | ${SORTBINARY} -u )" IPTABLES_OUTPUT="$(printf '%b' "${IPTABLES_OUTPUT_QUEUE}" | ${SORTBINARY} -u )"
else else
IPTABLES_OUTPUT="${IPTABLES_OUTPUT_QUEUE}" IPTABLES_OUTPUT="$(printf '%b' "${IPTABLES_OUTPUT_QUEUE}")"
fi fi
echo "${IPTABLES_OUTPUT}" | while IFS="$(printf '\n')" read -r IPTABLES_OUTPUT_LINE printf '%b\n' "${IPTABLES_OUTPUT}" | while IFS="$(printf '\n')" read -r IPTABLES_OUTPUT_LINE
do do
if [ -n "$IPTABLES_OUTPUT_LINE" ]; then if [ -n "$IPTABLES_OUTPUT_LINE" ]; then
set -- ${IPTABLES_OUTPUT_LINE} set -- ${IPTABLES_OUTPUT_LINE}
@ -170,10 +168,12 @@
then then
ReportSuggestion "${TEST_NO}" "Consider avoid ${3} target if possible (iptables chain ${2}, table: ${1})" ReportSuggestion "${TEST_NO}" "Consider avoid ${3} target if possible (iptables chain ${2}, table: ${1})"
fi fi
shift 4 AddHP "${5}" "${6}"
shift 6
done done
fi fi
done done
fi
} }
unset IPTABLES_TABLE unset IPTABLES_TABLE
done done
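Review bot: The relocated `AddHP "${5}" "${6}"` now runs inside the `printf '%b\n' "${IPTABLES_OUTPUT}" | while … read -r IPTABLES_OUTPUT_LINE` loop, and in dash and in bash without `lastpipe` the last stage of a pipeline runs in a subshell, so any variables set there are discarded when the loop ends. AddHP is not defined on this page; if it accumulates the hardening score in shell variables, the points for the ACCEPT, DROP and NFQUEUE findings would never reach the final index, whereas the removed calls sat in the outer loop (whose input side is outside these hunks). Feeding the loop from a here-document keeps it in the current shell: `while read -r IPTABLES_OUTPUT_LINE` … `done <<EOF` with `${IPTABLES_OUTPUT}` as the here-document body. Separately, `IPTABLES_OUTPUT` has already been expanded by `printf '%b'`, so the second pass should be `printf '%s\n' "${IPTABLES_OUTPUT}"` to avoid interpreting escapes twice. The loop body between the two hunks is not shown, so this rests on the visible lines only.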