Updated log
This commit is contained in:
parent
83f4fb9ff4
commit
8a9abeb81f
10
CHANGELOG
10
CHANGELOG
@ -20,8 +20,18 @@
|
|
||||||
* 1.6.2 (2014-09-xx)
|
* 1.6.2 (2014-09-xx)
|
||||||
|
|
||||||
|
New:
|
||||||
|
- IsVirtualMachine function to check if system is running in VM
|
||||||
|
VM types: Bochs CPU emulation, IBM z/VM, KVM, Linux Containers,
|
||||||
|
libvirt LXC driver (Linux Containers), Microsoft Virtual PC, OpenVZ,
|
||||||
|
Oracle VM VirtualBox, QEMU, Systemd Namespace container,
|
||||||
|
User-Mode Linux (UML), VMware product, XEN
|
||||||
|
|
||||||
|
- ShowSymlinkPath function to check path behind a symlink
|
||||||
|
|
||||||
Changes:
|
Changes:
|
||||||
- Permissions check has been adjusted to allow packaging and pentest mode
|
- Permissions check has been adjusted to allow packaging and pentest mode
|
||||||
|
- Removed individual warnings [BOOT-5184]
|
||||||
- Store PID file in home directory of user if needed
|
- Store PID file in home directory of user if needed
|
||||||
|
|
||||||
* 1.6.1 (2014-09-09)
|
* 1.6.1 (2014-09-09)
|
||||||
|
236
include/binaries
236
include/binaries
@ -40,114 +40,136 @@
Display --indent 2 --text "- Checking system binaries..."
|
Display --indent 2 --text "- Checking system binaries..."
|
||||||
logtext "Status: Starting binary scan..."
|
logtext "Status: Starting binary scan..."
|
||||||
for SCANDIR in ${BINPATHS}; do
|
for SCANDIR in ${BINPATHS}; do
|
||||||
logtext "Test: Check if directory exists and is not a symlink"
|
logtext "Test: Check if directory exists"
|
||||||
if [ -d ${SCANDIR} -a ! -L ${SCANDIR} ]; then
|
if [ -d ${SCANDIR} ]; then
|
||||||
logtext "Test: Checking binaries in directory ${SCANDIR}"
|
SKIPDIR=0
|
||||||
Display --indent 4 --text "- Checking ${SCANDIR}... " --result FOUND --color GREEN
|
if [ -L ${SCANDIR} ]; then
|
||||||
SCANNEDPATHS="${SCANNEDPATHS}, ${SCANDIR}"
|
logtext "Result: directory exists, but is actually a symlink"
|
||||||
logtext "Directory ${SCANDIR} exists. Starting directory scanning..."
|
ShowSymlinkPath ${SCANDIR}
|
||||||
FIND=`ls ${SCANDIR}`
|
if [ ${FOUNDPATH} -eq 1 -a -d ${sFILE} ]; then
|
||||||
for I in ${FIND}; do
|
# Set path to new location
|
||||||
N=`expr ${N} + 1`
|
logtext "Result: found the path behind this symlink (${SCANDIR} --> ${sFILE})"
|
||||||
BINARY="${SCANDIR}/${I}"
|
ORGPATH="${SCANDIR}"
|
||||||
logtext "Binary: ${BINARY}"
|
SCANDIR="${sFILE}"
|
||||||
# Optimized, much quicker (limited file access needed)
|
FIND=`echo ${SCANNEDPATHS} | grep ", ${SCANDIR}"`
|
||||||
case ${I} in
|
if [ ! "${FIND}" = "" ]; then
|
||||||
aa-status) APPARMORFOUND=1; AASTATUSBINARY=${BINARY}; logtext " Found known binary: aa-status (apparmor component) - ${BINARY}" ;;
|
SKIPDIR=1; logtext "Result: Skipping this directory as it is a symlink and was already scanned"
|
||||||
afick.pl) AFICKFOUND=1; AFICKBINARY=${BINARY}; logtext " Found known binary: afick (file integrity checker) - ${BINARY}" ;;
|
fi
|
||||||
aide) AIDEFOUND=1; AIDEBINARY=${BINARY}; logtext " Found known binary: aide (file integrity checker) - ${BINARY}" ;;
|
else
|
||||||
apache2) if [ -f ${BINARY} ]; then HTTPDFOUND=1; HTTPDBINARY=${BINARY}; logtext " Found known binary: apache2 (web server) - ${BINARY}"; fi ;;
|
SKIPDIR=1; logtext "Result: Could not find the location of this symlink, or is not a directory"
|
||||||
auditd) AUDITDFOUND=1; AUDITDBINARY=${BINARY}; logtext " Found known binary: auditd (audit framework) - ${BINARY}" ;;
|
fi
|
||||||
awk) if [ -f ${BINARY} ]; then AWKFOUND=1; AWKBINARY=${BINARY}; logtext " Found known binary: awk (string tool) - ${BINARY}"; fi ;;
|
fi
|
||||||
dig) DIGFOUND=1; DIGBINARY=${BINARY}; logtext " Found known binary: dig (nameservice tool) - ${BINARY}" ;;
|
if [ ${SKIPDIR} -eq 0 ]; then
|
||||||
as) ASFOUND=1; ASBINARY="${BINARY}"; COMPILER_INSTALLED=1; logtext " Found known binary: as (compiler) - ${BINARY}" ;;
|
logtext "Test: Checking binaries in directory ${SCANDIR}"
|
||||||
auditctl) AUDITCTLFOUND=1; AUDITCTLBINARY="${BINARY}"; logtext " Found known binary: auditctl (control utility for audit daemon) - ${BINARY}" ;;
|
Display --indent 4 --text "- ${SCANDIR}" --result FOUND --color GREEN
|
||||||
autolog) AUTOLOGFOUND=1; AUTOLOGBINARY="${BINARY}"; IDLE_SESSION_KILLER_INSTALLED=1; logtext " Found known binary: autolog (idle session killer) - ${BINARY}" ;;
|
SCANNEDPATHS="${SCANNEDPATHS}, ${SCANDIR}"
|
||||||
chkconfig) CHKCONFIGFOUND=1; CHKCONFIGBINARY=${BINARY}; logtext " Found known binary: chkconfig (administration tool) - ${BINARY}" ;;
|
logtext "Directory ${SCANDIR} exists. Starting directory scanning..."
|
||||||
clamscan) CLAMSCANFOUND=1; CLAMSCANBINARY=${BINARY}; logtext " Found known binary: clamscan (AV scanner) - ${BINARY}" ;;
|
FIND=`ls ${SCANDIR}`
|
||||||
cfagent) CFAGENTFOUND=1; CFAGENTBINARY="${BINARY}"; FILE_INT_TOOL_FOUND=1; logtext " Found known binary: cfengine agent (configuration tool) - ${BINARY}" ;;
|
for I in ${FIND}; do
|
||||||
chkrootkit) CHKROOTKITFOUND=1; CHKROOTKITBINARY="${BINARY}"; MALWARE_SCANNER_INSTALLED=1; logtext " Found known binary: chkrootkit (malware scanner) - ${BINARY}" ;;
|
N=`expr ${N} + 1`
|
||||||
curl) CURLFOUND=1; CURLBINARY="${BINARY}"; logtext " Found known binary: curl (browser) - ${BINARY}" ;;
|
BINARY="${SCANDIR}/${I}"
|
||||||
dig) if [ -f ${BINARY} ]; then DIGFOUND=1; DIGBINARY=${BINARY}; logtext " Found known binary: dig (network/dns tool) - ${BINARY}"; fi ;;
|
logtext "Binary: ${BINARY}"
|
||||||
dnsdomainname) DNSDOMAINNAMEFOUND=1; DNSDOMAINNAMEBINARY="${BINARY}"; logtext " Found known binary: dnsdomainname (DNS domain) - ${BINARY}" ;;
|
# Optimized, much quicker (limited file access needed)
|
||||||
domainname) DOMAINNAMEFOUND=1; DOMAINNAMEBINARY="${BINARY}"; logtext " Found known binary: domainname (NIS domain) - ${BINARY}" ;;
|
case ${I} in
|
||||||
egrep) EGREPFOUND=1; EGREPBINARY=${BINARY}; logtext " Found known binary: egrep (text search) - ${BINARY}" ;;
|
aa-status) APPARMORFOUND=1; AASTATUSBINARY=${BINARY}; logtext " Found known binary: aa-status (apparmor component) - ${BINARY}" ;;
|
||||||
exim) EXIMFOUND=1; EXIMBINARY="${BINARY}"; EXIMVERSION=`${BINARY} -bV | grep 'Exim version' | awk '{ print $3 }' | xargs`; logtext "Found ${BINARY} (version ${EXIMVERSION})" ;;
|
afick.pl) AFICKFOUND=1; AFICKBINARY=${BINARY}; logtext " Found known binary: afick (file integrity checker) - ${BINARY}" ;;
|
||||||
find) FINDFOUND=1; FINDBINARY="${BINARY}"; logtext " Found known binary: find (search tool) - ${BINARY}" ;;
|
aide) AIDEFOUND=1; AIDEBINARY=${BINARY}; logtext " Found known binary: aide (file integrity checker) - ${BINARY}" ;;
|
||||||
g++) GPLUSPLUSFOUND=1; GPLUSPLUSBINARY="${BINARY}"; COMPILER_INSTALLED=1; logtext " Found known binary: g++ (compiler) - ${BINARY}" ;;
|
apache2) if [ -f ${BINARY} ]; then HTTPDFOUND=1; HTTPDBINARY=${BINARY}; logtext " Found known binary: apache2 (web server) - ${BINARY}"; fi ;;
|
||||||
# additional file check due to existance /usr/libexec/gcc (directory)
|
auditd) AUDITDFOUND=1; AUDITDBINARY=${BINARY}; logtext " Found known binary: auditd (audit framework) - ${BINARY}" ;;
|
||||||
gcc) if [ -f ${BINARY} ]; then GCCBINARY="${BINARY}"; COMPILER_INSTALLED=1; logtext " Found known binary: gcc (compiler) - ${BINARY}"; fi ;;
|
awk) if [ -f ${BINARY} ]; then AWKFOUND=1; AWKBINARY=${BINARY}; logtext " Found known binary: awk (string tool) - ${BINARY}"; fi ;;
|
||||||
grep) GREPFOUND=1; GREPBINARY=${BINARY}; logtext " Found known binary: grep (text search) - ${BINARY}" ;;
|
dig) DIGFOUND=1; DIGBINARY=${BINARY}; logtext " Found known binary: dig (nameservice tool) - ${BINARY}" ;;
|
||||||
httpd2-prefork) HTTPDFOUND=1; HTTPDBINARY=${BINARY}; logtext " Found known binary: apache2 (web server) - ${BINARY}" ;;
|
as) ASFOUND=1; ASBINARY="${BINARY}"; COMPILER_INSTALLED=1; logtext " Found known binary: as (compiler) - ${BINARY}" ;;
|
||||||
lvdisplay) LVDISPLAYBINARY="${BINARY}"; logtext " Found known binary: lvdisplay (LVM tool) - ${BINARY}" ;;
|
auditctl) AUDITCTLFOUND=1; AUDITCTLBINARY="${BINARY}"; logtext " Found known binary: auditctl (control utility for audit daemon) - ${BINARY}" ;;
|
||||||
named-checkconf) NAMEDCHECKCONFIGFOUND=1; NAMEDCHECKCONFBINARY="${BINARY}"; logtext " Found known binary: named-checkconf (BIND configuration analyzer) - ${BINARY}" ;;
|
autolog) AUTOLOGFOUND=1; AUTOLOGBINARY="${BINARY}"; IDLE_SESSION_KILLER_INSTALLED=1; logtext " Found known binary: autolog (idle session killer) - ${BINARY}" ;;
|
||||||
grpck) GRPCKFOUND=1; GRPCKBINARY="${BINARY}"; logtext " Found known binary: grpck (consistency checker) - ${BINARY}" ;;
|
chkconfig) CHKCONFIGFOUND=1; CHKCONFIGBINARY=${BINARY}; logtext " Found known binary: chkconfig (administration tool) - ${BINARY}" ;;
|
||||||
httpd) if [ -f ${BINARY} ]; then HTTPDFOUND=1; HTTPDBINARY="${BINARY}"; logtext " Found known binary: httpd (web server) - ${BINARY}"; fi ;;
|
clamscan) CLAMSCANFOUND=1; CLAMSCANBINARY=${BINARY}; logtext " Found known binary: clamscan (AV scanner) - ${BINARY}" ;;
|
||||||
ip) IPFOUND=1; IPBINARY="${BINARY}"; logtext " Found known binary: ip (IP configuration) - ${BINARY}" ;;
|
cfagent) CFAGENTFOUND=1; CFAGENTBINARY="${BINARY}"; FILE_INT_TOOL_FOUND=1; logtext " Found known binary: cfengine agent (configuration tool) - ${BINARY}" ;;
|
||||||
ipf) IPFFOUND=1; IPFBINARY="${BINARY}"; logtext " Found known binary: ipf (firewall) - ${BINARY}" ;;
|
chkrootkit) CHKROOTKITFOUND=1; CHKROOTKITBINARY="${BINARY}"; MALWARE_SCANNER_INSTALLED=1; logtext " Found known binary: chkrootkit (malware scanner) - ${BINARY}" ;;
|
||||||
ifconfig) IFCONFIGFOUND=1; IFCONFIGBINARY="${BINARY}"; logtext " Found known binary: ipconfig (IP configuration) - ${BINARY}" ;;
|
curl) CURLFOUND=1; CURLBINARY="${BINARY}"; logtext " Found known binary: curl (browser) - ${BINARY}" ;;
|
||||||
iptables) if [ -f ${BINARY} ]; then IPTABLESFOUND=1; IPTABLESBINARY="${BINARY}"; logtext " Found known binary: iptables (firewall) - ${BINARY}"; fi ;;
|
dig) if [ -f ${BINARY} ]; then DIGFOUND=1; DIGBINARY=${BINARY}; logtext " Found known binary: dig (network/dns tool) - ${BINARY}"; fi ;;
|
||||||
kldstat) KLDSTATFOUND=1; KLDSTATBINARY="${BINARY}"; logtext " Found known binary: kldstat (kernel modules) - ${BINARY}" ;;
|
dnsdomainname) DNSDOMAINNAMEFOUND=1; DNSDOMAINNAMEBINARY="${BINARY}"; logtext " Found known binary: dnsdomainname (DNS domain) - ${BINARY}" ;;
|
||||||
kstat) KSTATFOUND=1; KSTATBINARY="${BINARY}"; logtext " Found known binary: kstat (kernel statistics) - ${BINARY}" ;;
|
domainname) DOMAINNAMEFOUND=1; DOMAINNAMEBINARY="${BINARY}"; logtext " Found known binary: domainname (NIS domain) - ${BINARY}" ;;
|
||||||
locate) LOCATEFOUND=1; LOCATEBINARY="${BINARY}"; logtext " Found known binary: locate (file database) - ${BINARY}" ;;
|
egrep) EGREPFOUND=1; EGREPBINARY=${BINARY}; logtext " Found known binary: egrep (text search) - ${BINARY}" ;;
|
||||||
logrotate) LOGROTATEFOUND=1; LOGROTATEBINARY="${BINARY}"; logtext " Found known binary: logrotate (log rotation tool) - ${BINARY}" ;;
|
exim) EXIMFOUND=1; EXIMBINARY="${BINARY}"; EXIMVERSION=`${BINARY} -bV | grep 'Exim version' | awk '{ print $3 }' | xargs`; logtext "Found ${BINARY} (version ${EXIMVERSION})" ;;
|
||||||
ls) LSFOUND=1; LSBINARY="${BINARY}"; logtext " Found known binary: ls (file listing) - ${BINARY}" ;;
|
find) FINDFOUND=1; FINDBINARY="${BINARY}"; logtext " Found known binary: find (search tool) - ${BINARY}" ;;
|
||||||
lsattr) LSATTRFOUND=1; LSATTRBINARY="${BINARY}"; logtext " Found known binary: lsattr (file attributes) - ${BINARY}" ;;
|
g++) GPLUSPLUSFOUND=1; GPLUSPLUSBINARY="${BINARY}"; COMPILER_INSTALLED=1; logtext " Found known binary: g++ (compiler) - ${BINARY}" ;;
|
||||||
lsmod) LSMODFOUND=1; LSMODBINARY="${BINARY}"; logtext " Found known binary: lsmod (kernel modules) - ${BINARY}" ;;
|
# additional file check due to existance /usr/libexec/gcc (directory)
|
||||||
lsof) LSOFFOUND=1; LSOFBINARY="${BINARY}"; logtext " Found known binary: lsof (open files) - ${BINARY}" ;;
|
gcc) if [ -f ${BINARY} ]; then GCCBINARY="${BINARY}"; COMPILER_INSTALLED=1; logtext " Found known binary: gcc (compiler) - ${BINARY}"; fi ;;
|
||||||
lynx) LYNXFOUND=1; LYNXBINARY="${BINARY}"; LYNXVERSION=`${BINARY} -version | grep "^Lynx Version" | cut -d ' ' -f3`; logtext "Found known binary: lynx (browser) - ${BINARY} (version ${LYNXVERSION})" ;;
|
grep) GREPFOUND=1; GREPBINARY=${BINARY}; logtext " Found known binary: grep (text search) - ${BINARY}" ;;
|
||||||
md5) MD5FOUND=1; MD5BINARY="${BINARY}"; logtext " Found ${BINARY}" ;;
|
httpd2-prefork) HTTPDFOUND=1; HTTPDBINARY=${BINARY}; logtext " Found known binary: apache2 (web server) - ${BINARY}" ;;
|
||||||
md5sum) MD5FOUND=1; MD5BINARY="${BINARY}"; logtext " Found ${BINARY}" ;;
|
lvdisplay) LVDISPLAYBINARY="${BINARY}"; logtext " Found known binary: lvdisplay (LVM tool) - ${BINARY}" ;;
|
||||||
mtree) MTREEFOUND=1; MTREEBINARY="${BINARY}"; logtext " Found known binary: mtree (mapping directory tree) - ${BINARY}" ;;
|
named-checkconf) NAMEDCHECKCONFIGFOUND=1; NAMEDCHECKCONFBINARY="${BINARY}"; logtext " Found known binary: named-checkconf (BIND configuration analyzer) - ${BINARY}" ;;
|
||||||
mysql) MYSQLCLIENTFOUND=1; MYSQLCLIENTBINARY="${BINARY}"; MYSQLCLIENTVERSION=`${BINARY} -V | awk '{ if ($4=="Distrib") { print $5 }}' | sed 's/,//g'` ; logtext "Found ${BINARY} (version: ${MYSQLCLIENTVERSION})" ;;
|
grpck) GRPCKFOUND=1; GRPCKBINARY="${BINARY}"; logtext " Found known binary: grpck (consistency checker) - ${BINARY}" ;;
|
||||||
netstat) NETSTATFOUND=1; NETSTATBINARY="${BINARY}"; logtext " Found ${BINARY}" ;;
|
httpd) if [ -f ${BINARY} ]; then HTTPDFOUND=1; HTTPDBINARY="${BINARY}"; logtext " Found known binary: httpd (web server) - ${BINARY}"; fi ;;
|
||||||
nmap) NMAPFOUND=1; NMAPBINARY="${BINARY}"; NMAPVERSION=`${BINARY} -V | grep "^Nmap version" | awk '{ print $3 }'`; logtext "Found ${BINARY} (version ${NMAPVERSION})" ;;
|
ip) IPFOUND=1; IPBINARY="${BINARY}"; logtext " Found known binary: ip (IP configuration) - ${BINARY}" ;;
|
||||||
ntpq) NTPQFOUND=1; NTPQBINARY="${BINARY}"; logtext " Found known binary ntpq (time daemon client) - ${BINARY}" ;;
|
ipf) IPFFOUND=1; IPFBINARY="${BINARY}"; logtext " Found known binary: ipf (firewall) - ${BINARY}" ;;
|
||||||
osiris) OSIRISFOUND=1; OSIRISBINARY="${BINARY}"; logtext " Found known binary: osiris - ${BINARY}" ;;
|
ifconfig) IFCONFIGFOUND=1; IFCONFIGBINARY="${BINARY}"; logtext " Found known binary: ipconfig (IP configuration) - ${BINARY}" ;;
|
||||||
openssl) OPENSSLFOUND=1; OPENSSLBINARY="${BINARY}"; OPENSSLVERSION=`${BINARY} version 2> /dev/null | head -n 1 | awk '{ print $2 }' | xargs`; logtext "Found ${BINARY} (version ${OPENSSLVERSION})" ;;
|
iptables) if [ -f ${BINARY} ]; then IPTABLESFOUND=1; IPTABLESBINARY="${BINARY}"; logtext " Found known binary: iptables (firewall) - ${BINARY}"; fi ;;
|
||||||
pacman) PACMANFOUND=1; PACMANBINARY="${BINARY}"; logtext " Found known binary: pacman (package manager) - ${BINARY}" ;;
|
kldstat) KLDSTATFOUND=1; KLDSTATBINARY="${BINARY}"; logtext " Found known binary: kldstat (kernel modules) - ${BINARY}" ;;
|
||||||
perl) PERLFOUND=1; PERLBINARY="${BINARY}"; PERLVERSION=`${BINARY} -V:version | sed 's/^version=//' | sed 's/;//' | xargs`; logtext "Found ${BINARY} (version ${PERLVERSION})" ;;
|
kstat) KSTATFOUND=1; KSTATBINARY="${BINARY}"; logtext " Found known binary: kstat (kernel statistics) - ${BINARY}" ;;
|
||||||
php) PHPFOUND=1; PHPBINARY="${BINARY}"; PHPVERSION=`${BINARY} -v | awk '{ if ($1=="PHP") { print $2 }}' | head -1`; logtext "Found known binary: php (programming language) - ${BINARY} (version ${PHPVERSION})" ;;
|
locate) LOCATEFOUND=1; LOCATEBINARY="${BINARY}"; logtext " Found known binary: locate (file database) - ${BINARY}" ;;
|
||||||
postconf) POSTCONFFOUND=1; POSTCONFBINARY="${BINARY}"; logtext " Found known binary: postconf (postfix configuration) - ${BINARY}" ;;
|
logrotate) LOGROTATEFOUND=1; LOGROTATEBINARY="${BINARY}"; logtext " Found known binary: logrotate (log rotation tool) - ${BINARY}" ;;
|
||||||
postfix) POSTFIXFOUND=1; POSTFIXBINARY="${BINARY}"; logtext " Found known binary: postfix (postfix binary) - ${BINARY}" ;;
|
ls) LSFOUND=1; LSBINARY="${BINARY}"; logtext " Found known binary: ls (file listing) - ${BINARY}" ;;
|
||||||
prelink) PRELINKFOUND=1; PRELINKBINARY="${BINARY}"; logtext " Found known binary: prelink (system optimizer) - ${BINARY}" ;;
|
lsattr) LSATTRFOUND=1; LSATTRBINARY="${BINARY}"; logtext " Found known binary: lsattr (file attributes) - ${BINARY}" ;;
|
||||||
pfctl) PFCTLFOUND=1; PFCTLBINARY="${BINARY}"; logtext " Found known binary: pfctl (client to pf firewall) - ${BINARY}" ;;
|
lsmod) LSMODFOUND=1; LSMODBINARY="${BINARY}"; logtext " Found known binary: lsmod (kernel modules) - ${BINARY}" ;;
|
||||||
ps) PSFOUND=1; PSBINARY="${BINARY}"; logtext " Found known binary: ps (process listing) - ${BINARY}" ;;
|
lsof) LSOFFOUND=1; LSOFBINARY="${BINARY}"; logtext " Found known binary: lsof (open files) - ${BINARY}" ;;
|
||||||
puppet) PUPPETFOUND=1; PUPPETBINARY="${BINARY}"; logtext " Found known binary: puppet (automation tooling) - ${BINARY}" ;;
|
lynx) LYNXFOUND=1; LYNXBINARY="${BINARY}"; LYNXVERSION=`${BINARY} -version | grep "^Lynx Version" | cut -d ' ' -f3`; logtext "Found known binary: lynx (browser) - ${BINARY} (version ${LYNXVERSION})" ;;
|
||||||
puppetmasterd) PUPPETMASTERDFOUND=1; PUPPETMASTERDBINARY="${BINARY}"; logtext " Found known binary: puppetmasterd (puppet master daemon) - ${BINARY}" ;;
|
md5) MD5FOUND=1; MD5BINARY="${BINARY}"; logtext " Found ${BINARY}" ;;
|
||||||
readlink) READLINKFOUND=1; READLINKBINARY="${BINARY}"; logtext " Found known binary: readlink (follows symlinks) - ${BINARY}" ;;
|
md5sum) MD5FOUND=1; MD5BINARY="${BINARY}"; logtext " Found ${BINARY}" ;;
|
||||||
rkhunter) RKHUNTERFOUND=1; RKHUNTERBINARY="${BINARY}"; MALWARE_SCANNER_INSTALLED=1; logtext " Found known binary: rkhunter (malware scanner) - ${BINARY}" ;;
|
mtree) MTREEFOUND=1; MTREEBINARY="${BINARY}"; logtext " Found known binary: mtree (mapping directory tree) - ${BINARY}" ;;
|
||||||
rpcinfo) RPCINFOFOUND=1; RPCINFOBINARY="${BINARY}"; logtext " Found known binary: rpcinfo (RPC information) - ${BINARY}" ;;
|
mysql) MYSQLCLIENTFOUND=1; MYSQLCLIENTBINARY="${BINARY}"; MYSQLCLIENTVERSION=`${BINARY} -V | awk '{ if ($4=="Distrib") { print $5 }}' | sed 's/,//g'` ; logtext "Found ${BINARY} (version: ${MYSQLCLIENTVERSION})" ;;
|
||||||
rpm) RPMFOUND=1; RPMBINARY="${BINARY}"; logtext " Found known binary: rpm (package manager) - ${BINARY}" ;;
|
netstat) NETSTATFOUND=1; NETSTATBINARY="${BINARY}"; logtext " Found ${BINARY}" ;;
|
||||||
runlevel) RUNLEVELFOUND=1; RUNLEVELBINARY="${BINARY}"; logtext " Found known binary: runlevel (system utility) - ${BINARY}" ;;
|
nmap) NMAPFOUND=1; NMAPBINARY="${BINARY}"; NMAPVERSION=`${BINARY} -V | grep "^Nmap version" | awk '{ print $3 }'`; logtext "Found ${BINARY} (version ${NMAPVERSION})" ;;
|
||||||
samhain) SAMHAINFOUND=1; SAMHAINBINARY="${BINARY}"; logtext " Found known binary: samhain (integrity tool) - ${BINARY}" ;;
|
ntpq) NTPQFOUND=1; NTPQBINARY="${BINARY}"; logtext " Found known binary ntpq (time daemon client) - ${BINARY}" ;;
|
||||||
sestatus) SESTATUSFOUND=1; SESTATUSBINARY="${BINARY}"; logtext " Found known binary: sestatus (SELinux client) - ${BINARY}" ;;
|
osiris) OSIRISFOUND=1; OSIRISBINARY="${BINARY}"; logtext " Found known binary: osiris - ${BINARY}" ;;
|
||||||
slocate) LOCATEFOUND=1; LOCATEBINARY="${BINARY}"; logtext " Found known binary: slocate (file database) - ${BINARY}" ;;
|
openssl) OPENSSLFOUND=1; OPENSSLBINARY="${BINARY}"; OPENSSLVERSION=`${BINARY} version 2> /dev/null | head -n 1 | awk '{ print $2 }' | xargs`; logtext "Found ${BINARY} (version ${OPENSSLVERSION})" ;;
|
||||||
smbd) SMBDFOUND=1; SMBDBINARY="${BINARY}"; if [ "${OS}" = "MacOS" ]; then SMBDVERSION="unknown"; else SMBDVERSION=`${BINARY} -V | grep "^Version" | awk '{ print $2 }'`; fi; logtext "Found ${BINARY} (version ${SMBDVERSION})" ;;
|
pacman) PACMANFOUND=1; PACMANBINARY="${BINARY}"; logtext " Found known binary: pacman (package manager) - ${BINARY}" ;;
|
||||||
showmount) SHOWMOUNTFOUND=1; SHOWMOUNTBINARY="${BINARY}"; logtext " Found known binary: showmount (NFS mounts) - ${BINARY}" ;;
|
perl) PERLFOUND=1; PERLBINARY="${BINARY}"; PERLVERSION=`${BINARY} -V:version | sed 's/^version=//' | sed 's/;//' | xargs`; logtext "Found ${BINARY} (version ${PERLVERSION})" ;;
|
||||||
sockstat) SOCKSTATFOUND=1; SOCKSTATBINARY="${BINARY}"; logtext " Found known binary: sockstat (open network sockets) - ${BINARY}" ;;
|
php) PHPFOUND=1; PHPBINARY="${BINARY}"; PHPVERSION=`${BINARY} -v | awk '{ if ($1=="PHP") { print $2 }}' | head -1`; logtext "Found known binary: php (programming language) - ${BINARY} (version ${PHPVERSION})" ;;
|
||||||
squid) SQUIDFOUND=1; SQUIDBINARY="${BINARY}"; logtext " Found known binary: squid (proxy) - ${BINARY}" ;;
|
postconf) POSTCONFFOUND=1; POSTCONFBINARY="${BINARY}"; logtext " Found known binary: postconf (postfix configuration) - ${BINARY}" ;;
|
||||||
sshd) SSHDFOUND=1; SSHDBINARY="${BINARY}"; SSHDVERSION=`${BINARY} -t -d 2>&1 | head -n 1 | awk '{ print $4 }' | cut -d '_' -f2 | xargs`; logtext "Found ${BINARY} (version ${SSHDVERSION})" ;;
|
postfix) POSTFIXFOUND=1; POSTFIXBINARY="${BINARY}"; logtext " Found known binary: postfix (postfix binary) - ${BINARY}" ;;
|
||||||
stat) STATFOUND=1; STATBINARY="${BINARY}"; logtext " Found known binary: stat (file information) - ${BINARY}" ;;
|
prelink) PRELINKFOUND=1; PRELINKBINARY="${BINARY}"; logtext " Found known binary: prelink (system optimizer) - ${BINARY}" ;;
|
||||||
strings) STRINGSFOUND=1; STRINGSBINARY="${BINARY}"; logtext " Found known binary: strings (text strings search) - ${BINARY}" ;;
|
pfctl) PFCTLFOUND=1; PFCTLBINARY="${BINARY}"; logtext " Found known binary: pfctl (client to pf firewall) - ${BINARY}" ;;
|
||||||
sha1|sha1sum|shasum) SHA1SUMFOUND=1; SHA1SUMBINARY="${BINARY}"; logtext " Found known binary: sha1/sha1sum/shasum (crypto hashing) - ${BINARY}" ;;
|
ps) PSFOUND=1; PSBINARY="${BINARY}"; logtext " Found known binary: ps (process listing) - ${BINARY}" ;;
|
||||||
ssh-keyscan) SSHKEYSCANFOUND=1; SSHKEYSCANBINARY="${BINARY}"; logtext " Found known binary: ssh-keyscan (scanner for SSH keys) - ${BINARY}" ;;
|
puppet) PUPPETFOUND=1; PUPPETBINARY="${BINARY}"; logtext " Found known binary: puppet (automation tooling) - ${BINARY}" ;;
|
||||||
sysctl) SYSCTLFOUND=1; SYSCTLBINARY="${BINARY}"; logtext " Found known binary: sysctl (kernel parameters) - ${BINARY}" ;;
|
puppetmasterd) PUPPETMASTERDFOUND=1; PUPPETMASTERDBINARY="${BINARY}"; logtext " Found known binary: puppetmasterd (puppet master daemon) - ${BINARY}" ;;
|
||||||
syslog-ng) SYSLOGNGFOUND=1; SYSLOGNGBINARY="${BINARY}"; SYSLOGNGVERSION=`${BINARY} -V 2>&1 | grep "^syslog-ng" | awk '{ print $2 }'`; logtext "Found ${BINARY} (version ${SYSLOGNGVERSION})" ;;
|
readlink) READLINKFOUND=1; READLINKBINARY="${BINARY}"; logtext " Found known binary: readlink (follows symlinks) - ${BINARY}" ;;
|
||||||
systemctl) SYSTEMCTLFOUND=1; SYSTEMCTLBINARY="${BINARY}"; logtext " Found known binary: systemctl (client to systemd) - ${BINARY}" ;;
|
rkhunter) RKHUNTERFOUND=1; RKHUNTERBINARY="${BINARY}"; MALWARE_SCANNER_INSTALLED=1; logtext " Found known binary: rkhunter (malware scanner) - ${BINARY}" ;;
|
||||||
timedatectl TIMEDATECTLFOUND=1; TIMEDATECTL="${BINARY}"; logtext " Found known binary: timedatectl (timedate client) - ${BINARY}" ;;
|
rpcinfo) RPCINFOFOUND=1; RPCINFOBINARY="${BINARY}"; logtext " Found known binary: rpcinfo (RPC information) - ${BINARY}" ;;
|
||||||
tripwire) TRIPWIREFOUND=1; TRIPWIREBINARY="${BINARY}"; logtext " Found known binary: tripwire (file integrity) - ${BINARY}" ;;
|
rpm) RPMFOUND=1; RPMBINARY="${BINARY}"; logtext " Found known binary: rpm (package manager) - ${BINARY}" ;;
|
||||||
tune2fs) TUNE2FSFOUND=1; TUNE2FSBINARY="${BINARY}"; logtext " Found known binary: tune2fs (file system tool) - ${BINARY}" ;;
|
runlevel) RUNLEVELFOUND=1; RUNLEVELBINARY="${BINARY}"; logtext " Found known binary: runlevel (system utility) - ${BINARY}" ;;
|
||||||
vgdisplay) VGDISPLAYFOUND=1; VGDISPLAYBINARY="${BINARY}"; logtext " Found known binary: vgdisplay (LVM tool) - ${BINARY}" ;;
|
samhain) SAMHAINFOUND=1; SAMHAINBINARY="${BINARY}"; logtext " Found known binary: samhain (integrity tool) - ${BINARY}" ;;
|
||||||
vmtoolsd) VMWARETOOLSFOUND=1; VMWARETOOLSDBINARY="${BINARY}"; logtext " Found known binary: vmtoolsd (VMWare tools) - ${BINARY}" ;;
|
sestatus) SESTATUSFOUND=1; SESTATUSBINARY="${BINARY}"; logtext " Found known binary: sestatus (SELinux client) - ${BINARY}" ;;
|
||||||
wget) WGETFOUND=1; WGETBINARY="${BINARY}"; WGETVERSION=`${BINARY} -V | grep "^GNU Wget" | awk '{ print $3 }'`; logtext "Found ${BINARY} (version ${WGETVERSION})" ;;
|
slocate) LOCATEFOUND=1; LOCATEBINARY="${BINARY}"; logtext " Found known binary: slocate (file database) - ${BINARY}" ;;
|
||||||
yum) YUMFOUND=1; YUMBINARY="${BINARY}"; logtext " Found known binary: yum (package manager) - ${BINARY}" ;;
|
smbd) SMBDFOUND=1; SMBDBINARY="${BINARY}"; if [ "${OS}" = "MacOS" ]; then SMBDVERSION="unknown"; else SMBDVERSION=`${BINARY} -V | grep "^Version" | awk '{ print $2 }'`; fi; logtext "Found ${BINARY} (version ${SMBDVERSION})" ;;
|
||||||
zypper) ZYPPERFOUND=1; ZYPPERBINARY="${BINARY}"; logtext " Found known binary: zypper (package manager) - ${BINARY}" ;;
|
showmount) SHOWMOUNTFOUND=1; SHOWMOUNTBINARY="${BINARY}"; logtext " Found known binary: showmount (NFS mounts) - ${BINARY}" ;;
|
||||||
esac
|
sockstat) SOCKSTATFOUND=1; SOCKSTATBINARY="${BINARY}"; logtext " Found known binary: sockstat (open network sockets) - ${BINARY}" ;;
|
||||||
done
|
squid) SQUIDFOUND=1; SQUIDBINARY="${BINARY}"; logtext " Found known binary: squid (proxy) - ${BINARY}" ;;
|
||||||
|
sshd) SSHDFOUND=1; SSHDBINARY="${BINARY}"; SSHDVERSION=`${BINARY} -t -d 2>&1 | head -n 1 | awk '{ print $4 }' | cut -d '_' -f2 | xargs`; logtext "Found ${BINARY} (version ${SSHDVERSION})" ;;
|
||||||
|
stat) STATFOUND=1; STATBINARY="${BINARY}"; logtext " Found known binary: stat (file information) - ${BINARY}" ;;
|
||||||
|
strings) STRINGSFOUND=1; STRINGSBINARY="${BINARY}"; logtext " Found known binary: strings (text strings search) - ${BINARY}" ;;
|
||||||
|
sha1|sha1sum|shasum) SHA1SUMFOUND=1; SHA1SUMBINARY="${BINARY}"; logtext " Found known binary: sha1/sha1sum/shasum (crypto hashing) - ${BINARY}" ;;
|
||||||
|
ssh-keyscan) SSHKEYSCANFOUND=1; SSHKEYSCANBINARY="${BINARY}"; logtext " Found known binary: ssh-keyscan (scanner for SSH keys) - ${BINARY}" ;;
|
||||||
|
sysctl) SYSCTLFOUND=1; SYSCTLBINARY="${BINARY}"; logtext " Found known binary: sysctl (kernel parameters) - ${BINARY}" ;;
|
||||||
|
syslog-ng) SYSLOGNGFOUND=1; SYSLOGNGBINARY="${BINARY}"; SYSLOGNGVERSION=`${BINARY} -V 2>&1 | grep "^syslog-ng" | awk '{ print $2 }'`; logtext "Found ${BINARY} (version ${SYSLOGNGVERSION})" ;;
|
||||||
|
systemctl) SYSTEMCTLFOUND=1; SYSTEMCTLBINARY="${BINARY}"; logtext " Found known binary: systemctl (client to systemd) - ${BINARY}" ;;
|
||||||
|
timedatectl) TIMEDATECTLFOUND=1; TIMEDATECTL="${BINARY}"; logtext " Found known binary: timedatectl (timedate client) - ${BINARY}" ;;
|
||||||
|
tripwire) TRIPWIREFOUND=1; TRIPWIREBINARY="${BINARY}"; logtext " Found known binary: tripwire (file integrity) - ${BINARY}" ;;
|
||||||
|
tune2fs) TUNE2FSFOUND=1; TUNE2FSBINARY="${BINARY}"; logtext " Found known binary: tune2fs (file system tool) - ${BINARY}" ;;
|
||||||
|
vgdisplay) VGDISPLAYFOUND=1; VGDISPLAYBINARY="${BINARY}"; logtext " Found known binary: vgdisplay (LVM tool) - ${BINARY}" ;;
|
||||||
|
vmtoolsd) VMWARETOOLSFOUND=1; VMWARETOOLSDBINARY="${BINARY}"; logtext " Found known binary: vmtoolsd (VMWare tools) - ${BINARY}" ;;
|
||||||
|
wget) WGETFOUND=1; WGETBINARY="${BINARY}"; WGETVERSION=`${BINARY} -V | grep "^GNU Wget" | awk '{ print $3 }'`; logtext "Found ${BINARY} (version ${WGETVERSION})" ;;
|
||||||
|
yum) YUMFOUND=1; YUMBINARY="${BINARY}"; logtext " Found known binary: yum (package manager) - ${BINARY}" ;;
|
||||||
|
zypper) ZYPPERFOUND=1; ZYPPERBINARY="${BINARY}"; logtext " Found known binary: zypper (package manager) - ${BINARY}" ;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
else
|
||||||
|
logtext "Result: Directory ${SCANDIR} skipped"
|
||||||
|
Display --indent 4 --text "- ${SCANDIR} (symlinked from ${ORGPATH})" --result SKIPPED --color YELLOW
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
Display --indent 4 --text "- Checking ${SCANDIR}... " --result "NOT FOUND" --color WHITE
|
Display --indent 4 --text "- ${SCANDIR}" --result "NOT FOUND" --color WHITE
|
||||||
logtext "Directory ${SCANDIR} does NOT exist or is a symlink."
|
logtext "Result: Directory ${SCANDIR} does NOT exist"
|
||||||
fi
|
fi
|
||||||
logtextbreak
|
logtextbreak
|
||||||
done
|
done
|
||||||
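Review bot: ORGPATH is assigned only on the resolved-symlink path (inside the `if [ ${FOUNDPATH} -eq 1 -a -d ${sFILE} ]` branch), yet the SKIPPED line near the end of the hunk interpolates it unconditionally, so when ShowSymlinkPath fails or its target is not a directory the message shows an empty value or one left over from an earlier BINPATHS iteration. Assigning `ORGPATH="${SCANDIR}"` directly after `ShowSymlinkPath ${SCANDIR}`, before the FOUNDPATH test, makes the SKIPPED line correct on both paths. The already-scanned check pipes SCANNEDPATHS through `grep ", ${SCANDIR}"`, an unanchored regex prefix match, so a resolved path that is a prefix of an entry already in the list (a resolved /usr/lib against an already listed /usr/libexec, for instance) would be wrongly skipped; piping `echo "${SCANNEDPATHS}, "` into `grep -F ", ${SCANDIR}, "` matches a whole delimited entry instead. Two smaller points in the same hunk: the case list carries two `dig)` arms, the second of which is unreachable because the first already matches, and the new `timedatectl)` arm stores its path in `TIMEDATECTL` while every other arm follows the `<NAME>BINARY` convention, so `TIMEDATECTLBINARY` would be the expected name (include/tests_time_synchronization reads the shorter one, so both would need changing together).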
|
@ -536,7 +536,7 @@
# Try common guest processes
|
# Try common guest processes
|
||||||
logtext "Test: trying to guess virtual machine type by running processes"
|
logtext "Test: trying to guess virtual machine type by running processes"
|
||||||
IsRunning vmware-guestd
|
IsRunning vmware-guestd
|
||||||
if [ ${RUNNING} -eq 1 ]; then ISVIRTUALMACHINE=1; VMTYPE="vmware"; VMFULLTYPE="VMware product" ; fi
|
if [ ${RUNNING} -eq 1 ]; then ISVIRTUALMACHINE=1; VMTYPE="vmware"; VMFULLTYPE="VMware product"; fi
|
||||||
fi
|
fi
|
||||||
if [ ${ISVIRTUALMACHINE} -eq 1 ]; then
|
if [ ${ISVIRTUALMACHINE} -eq 1 ]; then
|
||||||
logtext "Result: found virtual machine (type: ${VMTYPE}, ${VMFULLTYPE})"
|
logtext "Result: found virtual machine (type: ${VMTYPE}, ${VMFULLTYPE})"
|
||||||
@ -1158,7 +1158,7 @@
fi
|
fi
|
||||||
# Now check if our new location is actually a file or directory destination
|
# Now check if our new location is actually a file or directory destination
|
||||||
if [ -L ${sFILE} ]; then
|
if [ -L ${sFILE} ]; then
|
||||||
logtext "Result: discovered location ${sFILE} is another symlink"
|
logtext "Result: unable to determine symlink, or location ${sFILE} is just another symlink"
|
||||||
FOUNDPATH=0
|
FOUNDPATH=0
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
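Review bot: The new wording `Result: unable to determine symlink, or location ${sFILE} is just another symlink` names two conditions, but the guard `if [ -L ${sFILE} ]; then` only tests for a symlink; if sFILE can be empty at this point it reaches the branch only because the unquoted expansion collapses the test to `[ -L ]`, which is true for the non-empty string "-L" rather than for any property of the path. Making the intent explicit, `if [ -z "${sFILE}" -o -L "${sFILE}" ]; then`, keeps FOUNDPATH=0 for the undetermined case and no longer depends on the expansion being unquoted. The rest of ShowSymlinkPath, including where sFILE is computed, starts outside the hunk, so whether an empty sFILE can actually occur here cannot be confirmed from this page.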
|
@ -56,28 +56,39 @@
FOUND=1; NTPD_RUNNING=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1
|
FOUND=1; NTPD_RUNNING=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1
|
||||||
NTP_DAEMON="ntpd"
|
NTP_DAEMON="ntpd"
|
||||||
logtext "Result: found running NTP daemon in process list"
|
logtext "Result: found running NTP daemon in process list"
|
||||||
Display --indent 2 --text "- Checking running NTP daemon (ntpd)..." --result FOUND --color GREEN
|
Display --indent 2 --text "- Checking running NTP daemon (ntpd)" --result FOUND --color GREEN
|
||||||
else
|
else
|
||||||
logtext "Result: NTP daemon not found in process list"
|
logtext "Result: NTP daemon not found in process list"
|
||||||
Display --indent 2 --text "- Checking running NTP daemon (ntpd)..." --result "NOT FOUND" --color WHITE
|
Display --indent 2 --text "- Checking running NTP daemon (ntpd)" --result "NOT FOUND" --color WHITE
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check time daemon (eg NetBSD)
|
# Check time daemon (eg NetBSD)
|
||||||
IsRunning timed
|
IsRunning timed
|
||||||
if [ ${RUNNING} -eq 1 ]; then
|
if [ ${RUNNING} -eq 1 ]; then
|
||||||
FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON="timed"
|
FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON="timed"
|
||||||
Display --indent 2 --text "- Checking running NTP daemon (timed)..." --result FOUND --color GREEN
|
Display --indent 2 --text "- Checking running NTP daemon (timed)" --result FOUND --color GREEN
|
||||||
else
|
else
|
||||||
Display --indent 2 --text "- Checking running NTP daemon (timed)..." --result "NOT FOUND" --color WHITE
|
Display --indent 2 --text "- Checking running NTP daemon (timed)" --result "NOT FOUND" --color WHITE
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check time daemon (eg DragonFly BSD)
|
# Check time daemon (eg DragonFly BSD)
|
||||||
IsRunning dntpd
|
IsRunning dntpd
|
||||||
if [ ${RUNNING} -eq 1 ]; then
|
if [ ${RUNNING} -eq 1 ]; then
|
||||||
FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON="dntpd"
|
FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON="dntpd"
|
||||||
Display --indent 2 --text "- Checking running NTP daemon (dntpd)..." --result FOUND --color GREEN
|
Display --indent 2 --text "- Checking running NTP daemon (dntpd)" --result FOUND --color GREEN
|
||||||
else
|
else
|
||||||
Display --indent 2 --text "- Checking running NTP daemon (dntpd)..." --result "NOT FOUND" --color WHITE
|
Display --indent 2 --text "- Checking running NTP daemon (dntpd)" --result "NOT FOUND" --color WHITE
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check timedate daemon (systemd)
|
||||||
|
if [ ! "${TIMEDATECTL}" = "" ]; then
|
||||||
|
FIND=`${TIMEDATECTL} status | grep "NTP enabled: yes"`
|
||||||
|
if [ "${FIND}" = "" ]; then
|
||||||
|
FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON="timedated"
|
||||||
|
Display --indent 2 --text "- Checking running NTP daemon (timedated)" --result "NOT FOUND" --color WHITE
|
||||||
|
else
|
||||||
|
Display --indent 2 --text "- Checking running NTP daemon (timedated)" --result "FOUND" --color GREEN
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check crontab for OpenBSD/FreeBSD
|
# Check crontab for OpenBSD/FreeBSD
|
||||||
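Review bot: The two branches of the new timedated check are swapped: when `grep "NTP enabled: yes"` finds nothing, FIND is empty, and that is the branch that sets `FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON="timedated"` while displaying NOT FOUND, whereas a match displays FOUND but records nothing, so the screen result and the flags that drive the later NTP tests contradict each other. The ntpd, timed and dntpd blocks above also record their outcome with logtext, which this block omits even though the commit is about log output. Inverting the test and adding the log lines, as below, brings the block in line with its siblings. Whether `NTP enabled: yes` is a stable label across timedatectl versions cannot be confirmed from this page, so the match string may need revisiting.
```sh
# Check timedate daemon (systemd)
if [ ! "${TIMEDATECTL}" = "" ]; then
    FIND=`${TIMEDATECTL} status 2> /dev/null | grep "NTP enabled: yes"`
    if [ ! "${FIND}" = "" ]; then
        FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON="timedated"
        logtext "Result: timedatectl reports NTP enabled"
        Display --indent 2 --text "- Checking running NTP daemon (timedated)" --result FOUND --color GREEN
    else
        logtext "Result: timedatectl does not report NTP enabled"
        Display --indent 2 --text "- Checking running NTP daemon (timedated)" --result "NOT FOUND" --color WHITE
    fi
fi
```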
@ -90,10 +101,10 @@
if [ ! "${FIND}" = "" ]; then
|
if [ ! "${FIND}" = "" ]; then
|
||||||
FOUND=1;
|
FOUND=1;
|
||||||
NTP_CONFIG_TYPE_SCHEDULED=1
|
NTP_CONFIG_TYPE_SCHEDULED=1
|
||||||
Display --indent 2 --text "- Checking NTP client in crontab file (${I})..." --result FOUND --color GREEN
|
Display --indent 2 --text "- Checking NTP client in crontab file (${I})" --result FOUND --color GREEN
|
||||||
logtext "Result: found ntpdate or rdate reference in crontab file ${I}"
|
logtext "Result: found ntpdate or rdate reference in crontab file ${I}"
|
||||||
else
|
else
|
||||||
Display --indent 2 --text "- Checking NTP client in crontab file (${I})..." --result "NOT FOUND" --color WHITE
|
Display --indent 2 --text "- Checking NTP client in crontab file (${I})" --result "NOT FOUND" --color WHITE
|
||||||
logtext "Result: no ntpdate or rdate reference found in crontab file ${I}"
|
logtext "Result: no ntpdate or rdate reference found in crontab file ${I}"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
|