tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added DBS-1888 to test for Redis bound to localhost

This commit is contained in:
Michael Boelen 2016-08-12 09:57:03 +02:00
parent 1a6da63427
commit 889a57fc03
2 changed files with 26 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
db/tests.db
View File

@ -89,6 +89,8 @@ DBS-1860:test:security:databases::Checking active DB2 instances:
DBS-1880:test:security:databases::Checking active Redis processes:
DBS-1882:test:security:databases::Redis configuration file:
DBS-1884:test:security:databases::Redis configuration (requirepass):
DBS-1886:test:security:databases::Redis configuration (CONFIG command renamed):
DBS-1888:test:security:databases::Redis configuration (bind on localhost):
FINT-4310:test:security:file_integrity::AFICK availability:
FINT-4314:test:security:file_integrity::AIDE availability:
FINT-4315:test:security:file_integrity::Check AIDE configuration file:

24
include/tests_databases
View File

@ -253,6 +253,30 @@
fi
#
#################################################################################
#
# Test : DBS-1888
# Description : Determine Redis configuration option: bind on localhost
if [ ${REDIS_RUNNING} -eq 1 -a ${REDIS_CONFIGURATION_FOUND} -eq 1 ]; then PREQS_METS="YES"; else PREQS_MET="NO"; fi
Register --test-no DBS-1888 --weight L --network NO --preqs-met "${PREQS_MET}" --category security --description "Redis: bind on localhost"
if [ ${SKIPTEST} -eq 0 ]; then
if FileIsReadable ${REDIS_CONFIGURATION}; then
if SearchItem "^bind (localhost|127\.)" "${REDIS_CONFIGURATION}" "--sensitive"; then
LogText "Result: found 'bind on localhost' configured"
AddHP 3 3
Display --indent 4 --text "- Redis (bind on localhost)" --result "${STATUS_FOUND}" --color GREEN
Report "redis_bind_localhost=1"
else
AddHP 0 3
Display --indent 4 --text "- Redis (bind on localhost)" --result "${STATUS_NOT_FOUND}" --color YELLOW
ReportSuggestion "${TEST_NO}" "Use 'bind' setting to listen on localhost for Redis instance" "${REDIS_CONFIGURATION}" "solution:configure 'bind localhost' to listen on localhost only"
Report "redis_bind_localhost=0"
fi
else
LogText "Result: test skipped, as we can't read configuration file"
fi
fi
#
#################################################################################
#
if [ ${DATABASE_ENGINE_RUNNING} -eq 0 ]; then