mirror of
https://github.com/CISOfy/lynis.git
synced 2025-07-27 07:44:14 +02:00
Updated log
parent
83f4fb9ff4
commit
8a9abeb81f
10
CHANGELOG
10
CHANGELOG
@ -20,8 +20,18 @@
|
|||||||
|
|
||||||
* 1.6.2 (2014-09-xx)
|
* 1.6.2 (2014-09-xx)
|
||||||
|
|
||||||
|
New:
|
||||||
|
- IsVirtualMachine function to check if system is running in VM
|
||||||
|
VM types: Bochs CPU emulation, IBM z/VM, KVM, Linux Containers,
|
||||||
|
libvirt LXC driver (Linux Containers), Microsoft Virtual PC, OpenVZ,
|
||||||
|
Oracle VM VirtualBox, QEMU, Systemd Namespace container,
|
||||||
|
User-Mode Linux (UML), VMware product, XEN
|
||||||
|
|
||||||
|
- ShowSymlinkPath function to check path behind a symlink
|
||||||
|
|
||||||
Changes:
|
Changes:
|
||||||
- Permissions check has been adjusted to allow packaging and pentest mode
|
- Permissions check has been adjusted to allow packaging and pentest mode
|
||||||
|
- Removed individual warnings [BOOT-5184]
|
||||||
- Store PID file in home directory of user if needed
|
- Store PID file in home directory of user if needed
|
||||||
|
|
||||||
* 1.6.1 (2014-09-09)
|
* 1.6.1 (2014-09-09)
|
||||||
|
@ -40,10 +40,28 @@
|
|||||||
Display --indent 2 --text "- Checking system binaries..."
|
Display --indent 2 --text "- Checking system binaries..."
|
||||||
logtext "Status: Starting binary scan..."
|
logtext "Status: Starting binary scan..."
|
||||||
for SCANDIR in ${BINPATHS}; do
|
for SCANDIR in ${BINPATHS}; do
|
||||||
logtext "Test: Check if directory exists and is not a symlink"
|
logtext "Test: Check if directory exists"
|
||||||
if [ -d ${SCANDIR} -a ! -L ${SCANDIR} ]; then
|
if [ -d ${SCANDIR} ]; then
|
||||||
|
SKIPDIR=0
|
||||||
|
if [ -L ${SCANDIR} ]; then
|
||||||
|
logtext "Result: directory exists, but is actually a symlink"
|
||||||
|
ShowSymlinkPath ${SCANDIR}
|
||||||
|
if [ ${FOUNDPATH} -eq 1 -a -d ${sFILE} ]; then
|
||||||
|
# Set path to new location
|
||||||
|
logtext "Result: found the path behind this symlink (${SCANDIR} --> ${sFILE})"
|
||||||
|
ORGPATH="${SCANDIR}"
|
||||||
|
SCANDIR="${sFILE}"
|
||||||
|
FIND=`echo ${SCANNEDPATHS} | grep ", ${SCANDIR}"`
|
||||||
|
if [ ! "${FIND}" = "" ]; then
|
||||||
|
SKIPDIR=1; logtext "Result: Skipping this directory as it is a symlink and was already scanned"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
SKIPDIR=1; logtext "Result: Could not find the location of this symlink, or is not a directory"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [ ${SKIPDIR} -eq 0 ]; then
|
||||||
logtext "Test: Checking binaries in directory ${SCANDIR}"
|
logtext "Test: Checking binaries in directory ${SCANDIR}"
|
||||||
Display --indent 4 --text "- Checking ${SCANDIR}... " --result FOUND --color GREEN
|
Display --indent 4 --text "- ${SCANDIR}" --result FOUND --color GREEN
|
||||||
SCANNEDPATHS="${SCANNEDPATHS}, ${SCANDIR}"
|
SCANNEDPATHS="${SCANNEDPATHS}, ${SCANDIR}"
|
||||||
logtext "Directory ${SCANDIR} exists. Starting directory scanning..."
|
logtext "Directory ${SCANDIR} exists. Starting directory scanning..."
|
||||||
FIND=`ls ${SCANDIR}`
|
FIND=`ls ${SCANDIR}`
|
||||||
@ -135,7 +153,7 @@
|
|||||||
sysctl) SYSCTLFOUND=1; SYSCTLBINARY="${BINARY}"; logtext " Found known binary: sysctl (kernel parameters) - ${BINARY}" ;;
|
sysctl) SYSCTLFOUND=1; SYSCTLBINARY="${BINARY}"; logtext " Found known binary: sysctl (kernel parameters) - ${BINARY}" ;;
|
||||||
syslog-ng) SYSLOGNGFOUND=1; SYSLOGNGBINARY="${BINARY}"; SYSLOGNGVERSION=`${BINARY} -V 2>&1 | grep "^syslog-ng" | awk '{ print $2 }'`; logtext "Found ${BINARY} (version ${SYSLOGNGVERSION})" ;;
|
syslog-ng) SYSLOGNGFOUND=1; SYSLOGNGBINARY="${BINARY}"; SYSLOGNGVERSION=`${BINARY} -V 2>&1 | grep "^syslog-ng" | awk '{ print $2 }'`; logtext "Found ${BINARY} (version ${SYSLOGNGVERSION})" ;;
|
||||||
systemctl) SYSTEMCTLFOUND=1; SYSTEMCTLBINARY="${BINARY}"; logtext " Found known binary: systemctl (client to systemd) - ${BINARY}" ;;
|
systemctl) SYSTEMCTLFOUND=1; SYSTEMCTLBINARY="${BINARY}"; logtext " Found known binary: systemctl (client to systemd) - ${BINARY}" ;;
|
||||||
timedatectl TIMEDATECTLFOUND=1; TIMEDATECTL="${BINARY}"; logtext " Found known binary: timedatectl (timedate client) - ${BINARY}" ;;
|
timedatectl) TIMEDATECTLFOUND=1; TIMEDATECTL="${BINARY}"; logtext " Found known binary: timedatectl (timedate client) - ${BINARY}" ;;
|
||||||
tripwire) TRIPWIREFOUND=1; TRIPWIREBINARY="${BINARY}"; logtext " Found known binary: tripwire (file integrity) - ${BINARY}" ;;
|
tripwire) TRIPWIREFOUND=1; TRIPWIREBINARY="${BINARY}"; logtext " Found known binary: tripwire (file integrity) - ${BINARY}" ;;
|
||||||
tune2fs) TUNE2FSFOUND=1; TUNE2FSBINARY="${BINARY}"; logtext " Found known binary: tune2fs (file system tool) - ${BINARY}" ;;
|
tune2fs) TUNE2FSFOUND=1; TUNE2FSBINARY="${BINARY}"; logtext " Found known binary: tune2fs (file system tool) - ${BINARY}" ;;
|
||||||
vgdisplay) VGDISPLAYFOUND=1; VGDISPLAYBINARY="${BINARY}"; logtext " Found known binary: vgdisplay (LVM tool) - ${BINARY}" ;;
|
vgdisplay) VGDISPLAYFOUND=1; VGDISPLAYBINARY="${BINARY}"; logtext " Found known binary: vgdisplay (LVM tool) - ${BINARY}" ;;
|
||||||
@ -146,8 +164,12 @@
|
|||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
Display --indent 4 --text "- Checking ${SCANDIR}... " --result "NOT FOUND" --color WHITE
|
logtext "Result: Directory ${SCANDIR} skipped"
|
||||||
logtext "Directory ${SCANDIR} does NOT exist or is a symlink."
|
Display --indent 4 --text "- ${SCANDIR} (symlinked from ${ORGPATH})" --result SKIPPED --color YELLOW
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
Display --indent 4 --text "- ${SCANDIR}" --result "NOT FOUND" --color WHITE
|
||||||
|
logtext "Result: Directory ${SCANDIR} does NOT exist"
|
||||||
fi
|
fi
|
||||||
logtextbreak
|
logtextbreak
|
||||||
done
|
done
|
||||||
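Review bot: The already-scanned test in the new symlink branch, `grep ", ${SCANDIR}"` against SCANNEDPATHS, is a substring and regex match rather than a whole-entry match. A resolved target such as /usr/bin (constructed example) is treated as already scanned once a longer entry like /usr/bin/X11 is in the list, so its binaries are never discovered by the audit. Matching whole entries avoids this, for example `case "${SCANNEDPATHS}," in *", ${SCANDIR},"*) SKIPDIR=1 ;; esac`. Separately, ORGPATH is assigned only when the symlink resolves, yet the SKIPPED line prints `(symlinked from ${ORGPATH})` for every skip, so the could-not-resolve case shows an empty value or one left over from an earlier iteration. Setting `ORGPATH=""` next to `SKIPDIR=0` and printing the suffix only when it is non-empty would keep the report accurate.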
|
@ -536,7 +536,7 @@
|
|||||||
# Try common guest processes
|
# Try common guest processes
|
||||||
logtext "Test: trying to guess virtual machine type by running processes"
|
logtext "Test: trying to guess virtual machine type by running processes"
|
||||||
IsRunning vmware-guestd
|
IsRunning vmware-guestd
|
||||||
if [ ${RUNNING} -eq 1 ]; then ISVIRTUALMACHINE=1; VMTYPE="vmware"; VMFULLTYPE="VMware product" ; fi
|
if [ ${RUNNING} -eq 1 ]; then ISVIRTUALMACHINE=1; VMTYPE="vmware"; VMFULLTYPE="VMware product"; fi
|
||||||
fi
|
fi
|
||||||
if [ ${ISVIRTUALMACHINE} -eq 1 ]; then
|
if [ ${ISVIRTUALMACHINE} -eq 1 ]; then
|
||||||
logtext "Result: found virtual machine (type: ${VMTYPE}, ${VMFULLTYPE})"
|
logtext "Result: found virtual machine (type: ${VMTYPE}, ${VMFULLTYPE})"
|
||||||
@ -1158,7 +1158,7 @@
|
|||||||
fi
|
fi
|
||||||
# Now check if our new location is actually a file or directory destination
|
# Now check if our new location is actually a file or directory destination
|
||||||
if [ -L ${sFILE} ]; then
|
if [ -L ${sFILE} ]; then
|
||||||
logtext "Result: discovered location ${sFILE} is another symlink"
|
logtext "Result: unable to determine symlink, or location ${sFILE} is just another symlink"
|
||||||
FOUNDPATH=0
|
FOUNDPATH=0
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
@ -56,28 +56,39 @@
|
|||||||
FOUND=1; NTPD_RUNNING=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1
|
FOUND=1; NTPD_RUNNING=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1
|
||||||
NTP_DAEMON="ntpd"
|
NTP_DAEMON="ntpd"
|
||||||
logtext "Result: found running NTP daemon in process list"
|
logtext "Result: found running NTP daemon in process list"
|
||||||
Display --indent 2 --text "- Checking running NTP daemon (ntpd)..." --result FOUND --color GREEN
|
Display --indent 2 --text "- Checking running NTP daemon (ntpd)" --result FOUND --color GREEN
|
||||||
else
|
else
|
||||||
logtext "Result: NTP daemon not found in process list"
|
logtext "Result: NTP daemon not found in process list"
|
||||||
Display --indent 2 --text "- Checking running NTP daemon (ntpd)..." --result "NOT FOUND" --color WHITE
|
Display --indent 2 --text "- Checking running NTP daemon (ntpd)" --result "NOT FOUND" --color WHITE
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check time daemon (eg NetBSD)
|
# Check time daemon (eg NetBSD)
|
||||||
IsRunning timed
|
IsRunning timed
|
||||||
if [ ${RUNNING} -eq 1 ]; then
|
if [ ${RUNNING} -eq 1 ]; then
|
||||||
FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON="timed"
|
FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON="timed"
|
||||||
Display --indent 2 --text "- Checking running NTP daemon (timed)..." --result FOUND --color GREEN
|
Display --indent 2 --text "- Checking running NTP daemon (timed)" --result FOUND --color GREEN
|
||||||
else
|
else
|
||||||
Display --indent 2 --text "- Checking running NTP daemon (timed)..." --result "NOT FOUND" --color WHITE
|
Display --indent 2 --text "- Checking running NTP daemon (timed)" --result "NOT FOUND" --color WHITE
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check time daemon (eg DragonFly BSD)
|
# Check time daemon (eg DragonFly BSD)
|
||||||
IsRunning dntpd
|
IsRunning dntpd
|
||||||
if [ ${RUNNING} -eq 1 ]; then
|
if [ ${RUNNING} -eq 1 ]; then
|
||||||
FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON="dntpd"
|
FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON="dntpd"
|
||||||
Display --indent 2 --text "- Checking running NTP daemon (dntpd)..." --result FOUND --color GREEN
|
Display --indent 2 --text "- Checking running NTP daemon (dntpd)" --result FOUND --color GREEN
|
||||||
else
|
else
|
||||||
Display --indent 2 --text "- Checking running NTP daemon (dntpd)..." --result "NOT FOUND" --color WHITE
|
Display --indent 2 --text "- Checking running NTP daemon (dntpd)" --result "NOT FOUND" --color WHITE
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check timedate daemon (systemd)
|
||||||
|
if [ ! "${TIMEDATECTL}" = "" ]; then
|
||||||
|
FIND=`${TIMEDATECTL} status | grep "NTP enabled: yes"`
|
||||||
|
if [ "${FIND}" = "" ]; then
|
||||||
|
FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON="timedated"
|
||||||
|
Display --indent 2 --text "- Checking running NTP daemon (timedated)" --result "NOT FOUND" --color WHITE
|
||||||
|
else
|
||||||
|
Display --indent 2 --text "- Checking running NTP daemon (timedated)" --result "FOUND" --color GREEN
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check crontab for OpenBSD/FreeBSD
|
# Check crontab for OpenBSD/FreeBSD
|
||||||
@ -90,10 +101,10 @@
|
|||||||
if [ ! "${FIND}" = "" ]; then
|
if [ ! "${FIND}" = "" ]; then
|
||||||
FOUND=1;
|
FOUND=1;
|
||||||
NTP_CONFIG_TYPE_SCHEDULED=1
|
NTP_CONFIG_TYPE_SCHEDULED=1
|
||||||
Display --indent 2 --text "- Checking NTP client in crontab file (${I})..." --result FOUND --color GREEN
|
Display --indent 2 --text "- Checking NTP client in crontab file (${I})" --result FOUND --color GREEN
|
||||||
logtext "Result: found ntpdate or rdate reference in crontab file ${I}"
|
logtext "Result: found ntpdate or rdate reference in crontab file ${I}"
|
||||||
else
|
else
|
||||||
Display --indent 2 --text "- Checking NTP client in crontab file (${I})..." --result "NOT FOUND" --color WHITE
|
Display --indent 2 --text "- Checking NTP client in crontab file (${I})" --result "NOT FOUND" --color WHITE
|
||||||
logtext "Result: no ntpdate or rdate reference found in crontab file ${I}"
|
logtext "Result: no ntpdate or rdate reference found in crontab file ${I}"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
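Review bot: The new timedatectl check has its branches inverted. When `grep "NTP enabled: yes"` returns nothing, `[ "${FIND}" = "" ]` is true and the code sets `FOUND=1; NTP_DAEMON_RUNNING=1` while displaying NOT FOUND; when the string is present it displays FOUND but sets no flag. On a host where timedatectl reports NTP as disabled, this records time synchronisation as present, which presumably suppresses a later missing-NTP finding (that code is outside the hunk). The condition should be `if [ ! "${FIND}" = "" ]; then`, with the two Display results swapped so the flag assignment sits with FOUND. The literal `NTP enabled: yes` also depends on timedatectl's exact output wording, which deserves a short comment above the grep.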
|