Update tests_firewalls

nser77 2024-10-08 11:29:48 +02:00 committed by GitHub
parent e9c2a1ad3f
commit 8ca5b83584
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -116,48 +116,47 @@
chains="INPUT FORWARD OUTPUT" chains="INPUT FORWARD OUTPUT"
fi fi
for chain in ${chains}; do for chain in ${chains}; do
${IPTABLESBINARY} -t "${table}" -S "${chain}" | while read -r line; do iptables -t "${table}" -S "${chain}" 2>/dev/zero | while read -r line; do
readarray -d" " -t array <<< ${line} set -- ${line}
c=0 while [ $# -gt 0 ]; do
for i in ${array[@]}; do if [ "${1}" = "-P" ]; then
if [ "${i}" = "-j" ]; then target="${3}"
let index=c+1 shift 3
target="${array[${index}]}" elif [ "${1}" = "-j" ]; then
target="${2}"
shift
elif [ "${1}" = "-d" ]; then
dst="${2}"
shift
elif [ "${1}" = "-s" ]; then
src="${2}"
shift
else
shift
fi fi
if [ "${i}" = "-d" ]; then
let index=c+1
destination="${array[${index}]}"
fi
if [ "${i}" = "-s" ]; then
let index=c+1
source="${array[${index}]}"
fi
let c++
done done
# logics # logics
if ( [ "${table}" = "filter" ] || [ "${table}" = "security" ] ) && [ "${chain}" = "INPUT" ] && [ "${target}" = "ACCEPT" ] ; then if ( [ "${table}" = "filter" ] || [ "${table}" = "security" ] ) && [ "${chain}" = "INPUT" ] && [ "${target}" = "ACCEPT" ] ; then
LogText "Result: Found ACCEPT for ${chainname} (table: ${table})" LogText "Result: Found ACCEPT for ${chain} (table: ${table})"
Display --indent 6 --text "- Checking chain ${chain} (table: ${table}, chain ${chain})" --result "${target}" --color YELLOW Display --indent 6 --text "- Checking chain ${chain} (table: ${table}, chain ${chain})" --result "${target}" --color YELLOW
AddHP 1 3 AddHP 1 3
fi fi
if ( [ "${table}" = "filter" ] || [ "${table}" = "security" ] ) && [ "${chain}" = "INPUT" ] && [ "${target}" = "DROP" ] ; then if ( [ "${table}" = "filter" ] || [ "${table}" = "security" ] ) && [ "${chain}" = "INPUT" ] && [ "${target}" = "DROP" ] ; then
LogText "Result: Found DROP for ${chainname} (table: ${table})" LogText "Result: Found DROP for ${chain} (table: ${table})"
Display --indent 6 --text "- Checking chain ${chain} (table: ${table}, chain ${chain})" --result "${target}" --color GREEN Display --indent 6 --text "- Checking chain ${chain} (table: ${table}, chain ${chain})" --result "${target}" --color GREEN
AddHP 3 3 AddHP 3 3
fi fi
if ( [ "${table}" = "filter" ] || [ "${table}" = "security" ] ) && ( [ "${chain}" = "INPUT" ] || [ "${chain}" = "FORWARD" ] || [ "${chain}" = "OUTPUT" ] ) && [ "${target}" = "NFQUEUE" ] ; then if ( [ "${table}" = "filter" ] || [ "${table}" = "security" ] ) && ( [ "${chain}" = "INPUT" ] || [ "${chain}" = "FORWARD" ] || [ "${chain}" = "OUTPUT" ] ) && [ "${target}" = "NFQUEUE" ] ; then
LogText "Result: Found DROP for ${chainname} (table: ${table})" LogText "Result: Found DROP for ${chain} (table: ${table})"
Display --indent 6 --text "- Checking chain ${chainname} (table: ${table}, chain ${chain})" --result "DROP" --color RED Display --indent 6 --text "- Checking chain ${chain} (table: ${table}, chain ${chain})" --result "NFQUEUE" --color RED
ReportSuggestion "${TEST_NO}" "Consider avoid ${target} target if possible (iptables chain ${chain}, table: ${table})" ReportSuggestion "${TEST_NO}" "Consider avoid ${target} target if possible (iptables chain ${chain}, table: ${table})"
AddHP 0 3 AddHP 0 3
fi fi
done done
done done
done done
fi fi
# #
################################################################################# #################################################################################
# #
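Review bot: The rule listing on the new side calls bare `iptables` where the old side used `${IPTABLESBINARY}`, so the audit now depends on PATH lookup instead of what is presumably the path resolved earlier. Because stderr goes to `/dev/zero`, a missing or failing binary yields no output and therefore no findings. I would keep `"${IPTABLESBINARY}" -t "${table}" -S "${chain}" 2>/dev/null` and log a non-zero exit rather than discard it. In the parsing loop, `target`, `dst` and `src` are never cleared per line, so a rule without `-j` is evaluated against the previous rule's target, and `set -- ${line}` undergoes pathname expansion; add `target=""; dst=""; src=""` before it and disable globbing (`set -f`) around the split. The NFQUEUE branch still logs `Result: Found DROP` although the displayed result is now `NFQUEUE`; the enclosing test block begins before this hunk, so how `table` and `chains` are set is not visible here.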