tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-09-25 18:59:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Improve OS detection routine related to end-of-life support and reporting

Browse Source
This commit is contained in:
Michael Boelen 2025-07-31 11:54:41 +00:00
parent 2a0c417a5c
commit 8866355258
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
2 changed files with 38 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
include/osdetection
View File

@ -20,6 +20,14 @@
# Operating System detection
#
#################################################################################
#
# Variables:
# OS is primary operating system name (e.g. Linux)
# OS_NAME is typically the name that people will refer it to (e.g. Debian)
# OS_VERSION is usually the major version (12) or major and minor version (12.9)
# OS_FULLNAME is the operating system name and version (often OS_NAME + OS_VERSION)
#
#################################################################################
#
# Check operating system
case $(uname) in
@ -247,6 +255,7 @@
OS_NAME="Debian"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_FULLNAME="${OS_NAME} ${OS_VERSION}"
;;
"devuan")
LINUX_VERSION="Devuan"
@ -952,24 +961,40 @@
# Check if this OS is end-of-life
EOL=255
EOL_DATE=""
EOL_OS_MATCH=""
EOL_STATE=""
EOL_TIMESTAMP=0
Debug "Info: determining if we can find end-of-life of this operating system"
if [ -n "${OS_VERSION}" ]; then
if [ -f "${DBDIR}/software-eol.db" ]; then
FIND="${OS_FULLNAME}"
Debug "Info: using '${OS_FULLNAME}' to search for end-of-life (partial) match"
EOL_TIMESTAMP=$(awk -v value="${FIND}" -F: '{if ($1=="os" && value ~ $2){print $4}}' ${DBDIR}/software-eol.db | head -n 1)
if [ -n "${EOL_TIMESTAMP}" ]; then
EOL_DATE=$(awk -v value="${FIND}" -F: '{if ($1=="os" && value ~ $2){print $3}}' ${DBDIR}/software-eol.db | head -n 1)
if [ -n "${EOL_DATE}" ]; then
EOL_OS_MATCH=$(awk -v value="${FIND}" -F: '{if ($1=="os" && value ~ $2){print $2}}' ${DBDIR}/software-eol.db | head -n 1)
Debug "Found a matching line: ${EOL_OS_MATCH} (timestamp=${EOL_TIMESTAMP}, date=${EOL_DATE})"
if [ ${NOW} -gt ${EOL_TIMESTAMP} ]; then
EOL=1
EOL_STATE="This operating system seems be end-of-life and may no longer receive updates or support!"
Debug "Outcome: OS is end-of-life!"
else
EOL=0
EOL_STATE="This operating system seems not to be end-of-life yet"
Debug "Outcome: OS is not end-of-life yet"
fi
else
EOL=0
fi
else
EOL=0
fi
Debug "Could not find a related OS entry. Maybe it needs to be added to the database (${DBDIR}/software-eol.db)?"
fi
else
Debug "No end-of-life database found (${DBDIR}/software-eol.db)"
fi
else
Debug "No OS version known, so skipped end-of-life check"
fi

13
include/report
View File

@ -279,6 +279,7 @@
###########################################################################################
if [ ! "${PROGRAM_LV}" = "0" -a ! "${REPORTFILE}" = "" -a ! "${REPORTFILE}" = "/dev/null" ]; then
# Determine if the quality of the program can be increased by filtering out the exceptions
FIND=$(${GREPBINARY} "^exception" ${REPORTFILE})
if [ -n "${FIND}" ]; then
@ -293,6 +294,18 @@
echo "================================================================================"
fi
fi
# If end-of-life check failed, ask to submit
if [ ! "${PROGRAM_LV}" = "0" -a ${EOL} -eq 255 ]; then
echo ""
echo " ${SECTION}Notice: ${WHITE}No OS entry was found in the end-of-life database${NORMAL}"
echo ""
echo " ${CYAN}${GEN_WHAT_TO_DO}:${NORMAL}"
echo " Please submit a pull request on GitHub to include your OS version and the end date of this OS version is being supported"
echo " URL: ${PROGRAM_SOURCE}"
echo ""
echo "================================================================================"
fi
fi
# Display what tests are skipped in non-privileged scan for awareness