tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added new test DBS-1828

This commit is contained in:
Michael Boelen 2019-10-08 15:15:18 +02:00
parent f188bac7e8
commit 87f5596952
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
3 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -47,6 +47,7 @@ Using the relevant options, the scan will change base on the intended goal.
- New profile option: disable-plugin - disables a single plugin
- New profile option: ssl-certificate-paths-to-ignore - ignore a path
- New test: CRYP-7930 - test for LUKS encryption
- New test: DBS-1828 - PostgreSQL configuration files
- New test: FINT-4316 - presence of AIDE database and size test
- New test: INSE-8314 - test for NIS client
- New test: INSE-8316 - test for NIS server

1
db/tests.db
View File

@ -92,6 +92,7 @@ DBS-1816:test:security:databases::Checking MySQL root password:
DBS-1818:test:security:databases::MongoDB status:
DBS-1820:test:security:databases::Check MongoDB authentication:
DBS-1826:test:security:databases::Checking active PostgreSQL processes:
DBS-1828:test:security:databases::PostgreSQL configuration files:
DBS-1840:test:security:databases::Checking active Oracle processes:
DBS-1860:test:security:databases::Checking active DB2 instances:
DBS-1880:test:security:databases::Checking active Redis processes:

25
include/tests_databases
View File

@ -179,6 +179,31 @@
fi
#
#################################################################################
#
# Test : DBS-1828
# Description : Test PostgreSQL configuration file(s)
#
# Authentication:
# /var/lib/pgsql/data/pg_hba.conf
#
# Configuration
# Arch /var/lib/postgres/data/postgresql.conf
# CentOS/Fedora /var/lib/pgsql/data/postgresql.conf
# Ubuntu /etc/postgresql/x.y/main/postgresql.conf
if [ "${POSTGRESQL_RUNNING}" -eq 1 ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="PostgreSQL not installed or not running"; fi
Register --test-no DBS-1828 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Test PostgreSQL configuration"
if [ ${SKIPTEST} -eq 0 ]; then
FIND_PATHS="${ROOTDIR}etc/postgres ${ROOTDIR}var/lib/postgres/data"
CONFIG_FILES=$(${FINDBINARY} ${FIND_PATHS} -type f -name "postgresql.conf" -print0 2> /dev/null | ${TRBINARY} -cd '[:print:]\0' | ${TRBINARY} -d '\n' | ${TRBINARY} '\0' '\n' | xargs -i sh -c 'test -r "{}" && echo "{}" | ${SEDBINARY} "s/ /:space:/g"')
for CF in ${CONFIG_FILES}; do
Report "postgresql_config_file[]=${CF}"
LogText "Found configuration file (${CF})"
done
fi
#
#################################################################################
#
# Test : DBS-1840
# Description : Check if Oracle is being used