mirror of
https://github.com/CISOfy/lynis.git
synced 2025-07-31 01:34:23 +02:00
Move state recording to report section
This commit is contained in:
Michael Boelen
parent
dc2962955e
commit
8e61275ff4
114
include/report
114
include/report
@ -22,55 +22,79 @@
|
|||||||
#
|
#
|
||||||
#################################################################################
|
#################################################################################
|
||||||
#
|
#
|
||||||
|
|
||||||
|
# Add data fields to report file
|
||||||
|
Report "dhcp_client_running=${DHCP_CLIENT_RUNNING}"
|
||||||
|
Report "arpwatch_running=${ARPWATCH_RUNNING}"
|
||||||
|
|
||||||
|
# Report firewall installed for now, if we found one active. Next step would be determining binaries first and apply additional checks.
|
||||||
|
Report "firewall_active=${FIREWALL_ACTIVE}"
|
||||||
|
Report "firewall_empty_ruleset=${FIREWALL_EMPTY_RULESET}"
|
||||||
|
Report "firewall_installed=${FIREWALL_ACTIVE}"
|
||||||
|
|
||||||
|
if [ ! -z "${INSTALLED_PACKAGES}" ]; then Report "installed_packages_array=${INSTALLED_PACKAGES}"; fi
|
||||||
|
|
||||||
|
Report "package_audit_tool=${PACKAGE_AUDIT_TOOL}"
|
||||||
|
Report "package_audit_tool_found=${PACKAGE_AUDIT_TOOL_FOUND}"
|
||||||
|
Report "vulnerable_packages_found=${VULNERABLE_PACKAGES_FOUND}"
|
||||||
|
|
||||||
|
|
||||||
# Hardening Index
|
# Hardening Index
|
||||||
# Define approximately how strong a machine has been hardened
|
|
||||||
|
|
||||||
# If no hardening has been found, set value to 1
|
# Goal:
|
||||||
if [ ${HPPOINTS} -eq 0 ]; then HPPOINTS=1; HPTOTAL=100; fi
|
# Provide a visual way to show how much the system is hardened
|
||||||
HPINDEX=$((HPPOINTS * 100 / HPTOTAL))
|
#
|
||||||
HPAOBLOCKS=$((HPPOINTS * 20 / HPTOTAL))
|
# Important:
|
||||||
# Set color related to rating
|
# The index gives a simplified version of the measures taken on the system.
|
||||||
if [ ${HPINDEX} -lt 50 ]; then
|
# It should be used to get a first impression about the state of the system or to compare similar systems.
|
||||||
HPCOLOR="${RED}"
|
# Getting the maximum score (100 or full bar) does not indicate that the system is fully secured.
|
||||||
HIDESCRIPTION="System has not or a low amount been hardened"
|
|
||||||
elif [ ${HPINDEX} -gt 49 -a ${HPINDEX} -lt 80 ]; then
|
|
||||||
HPCOLOR="${YELLOW}"
|
|
||||||
HIDESCRIPTION="System has been hardened, but could use additional hardening"
|
|
||||||
elif [ ${HPINDEX} -gt 79 -a ${HPINDEX} -lt 90 ]; then
|
|
||||||
HPCOLOR="${GREEN}"
|
|
||||||
HIDESCRIPTION="System seem to be decent hardened"
|
|
||||||
elif [ ${HPINDEX} -gt 89 ]; then
|
|
||||||
HPCOLOR="${GREEN}"
|
|
||||||
HIDESCRIPTION="System seem to be well hardened"
|
|
||||||
fi
|
|
||||||
|
|
||||||
case ${HPAOBLOCKS} in
|
# If no hardening has been found, set value to 1
|
||||||
0) HPBLOCKS="#"; HPEMPTY=" " ;;
|
if [ ${HPPOINTS} -eq 0 ]; then HPPOINTS=1; HPTOTAL=100; fi
|
||||||
1) HPBLOCKS="#"; HPEMPTY=" " ;;
|
HPINDEX=$((HPPOINTS * 100 / HPTOTAL))
|
||||||
2) HPBLOCKS="##"; HPEMPTY=" " ;;
|
HPAOBLOCKS=$((HPPOINTS * 20 / HPTOTAL))
|
||||||
3) HPBLOCKS="###"; HPEMPTY=" " ;;
|
# Set color related to rating
|
||||||
4) HPBLOCKS="####"; HPEMPTY=" " ;;
|
if [ ${HPINDEX} -lt 50 ]; then
|
||||||
5) HPBLOCKS="#####"; HPEMPTY=" " ;;
|
HPCOLOR="${RED}"
|
||||||
6) HPBLOCKS="######"; HPEMPTY=" " ;;
|
HIDESCRIPTION="System has not or a low amount been hardened"
|
||||||
7) HPBLOCKS="#######"; HPEMPTY=" " ;;
|
elif [ ${HPINDEX} -gt 49 -a ${HPINDEX} -lt 80 ]; then
|
||||||
8) HPBLOCKS="########"; HPEMPTY=" " ;;
|
HPCOLOR="${YELLOW}"
|
||||||
9) HPBLOCKS="#########"; HPEMPTY=" " ;;
|
HIDESCRIPTION="System has been hardened, but could use additional hardening"
|
||||||
10) HPBLOCKS="##########"; HPEMPTY=" " ;;
|
elif [ ${HPINDEX} -gt 79 -a ${HPINDEX} -lt 90 ]; then
|
||||||
11) HPBLOCKS="###########"; HPEMPTY=" " ;;
|
HPCOLOR="${GREEN}"
|
||||||
12) HPBLOCKS="############"; HPEMPTY=" " ;;
|
HIDESCRIPTION="System seem to be decent hardened"
|
||||||
13) HPBLOCKS="#############"; HPEMPTY=" " ;;
|
elif [ ${HPINDEX} -gt 89 ]; then
|
||||||
14) HPBLOCKS="##############"; HPEMPTY=" " ;;
|
HPCOLOR="${GREEN}"
|
||||||
15) HPBLOCKS="###############"; HPEMPTY=" " ;;
|
HIDESCRIPTION="System seem to be well hardened"
|
||||||
16) HPBLOCKS="################"; HPEMPTY=" " ;;
|
fi
|
||||||
17) HPBLOCKS="#################"; HPEMPTY=" " ;;
|
|
||||||
18) HPBLOCKS="##################"; HPEMPTY=" " ;;
|
|
||||||
19) HPBLOCKS="###################"; HPEMPTY=" " ;;
|
|
||||||
20) HPBLOCKS="####################"; HPEMPTY="" ;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
HPGRAPH="[${HPCOLOR}${HPBLOCKS}${NORMAL}${HPEMPTY}]"
|
case ${HPAOBLOCKS} in
|
||||||
LogText "Hardening index : [${HPINDEX}] [${HPBLOCKS}${HPEMPTY}]"
|
0) HPBLOCKS="#"; HPEMPTY=" " ;;
|
||||||
LogText "Hardening strength: ${HIDESCRIPTION}"
|
1) HPBLOCKS="#"; HPEMPTY=" " ;;
|
||||||
|
2) HPBLOCKS="##"; HPEMPTY=" " ;;
|
||||||
|
3) HPBLOCKS="###"; HPEMPTY=" " ;;
|
||||||
|
4) HPBLOCKS="####"; HPEMPTY=" " ;;
|
||||||
|
5) HPBLOCKS="#####"; HPEMPTY=" " ;;
|
||||||
|
6) HPBLOCKS="######"; HPEMPTY=" " ;;
|
||||||
|
7) HPBLOCKS="#######"; HPEMPTY=" " ;;
|
||||||
|
8) HPBLOCKS="########"; HPEMPTY=" " ;;
|
||||||
|
9) HPBLOCKS="#########"; HPEMPTY=" " ;;
|
||||||
|
10) HPBLOCKS="##########"; HPEMPTY=" " ;;
|
||||||
|
11) HPBLOCKS="###########"; HPEMPTY=" " ;;
|
||||||
|
12) HPBLOCKS="############"; HPEMPTY=" " ;;
|
||||||
|
13) HPBLOCKS="#############"; HPEMPTY=" " ;;
|
||||||
|
14) HPBLOCKS="##############"; HPEMPTY=" " ;;
|
||||||
|
15) HPBLOCKS="###############"; HPEMPTY=" " ;;
|
||||||
|
16) HPBLOCKS="################"; HPEMPTY=" " ;;
|
||||||
|
17) HPBLOCKS="#################"; HPEMPTY=" " ;;
|
||||||
|
18) HPBLOCKS="##################"; HPEMPTY=" " ;;
|
||||||
|
19) HPBLOCKS="###################"; HPEMPTY=" " ;;
|
||||||
|
20) HPBLOCKS="####################"; HPEMPTY="" ;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
HPGRAPH="[${HPCOLOR}${HPBLOCKS}${NORMAL}${HPEMPTY}]"
|
||||||
|
LogText "Hardening index : [${HPINDEX}] [${HPBLOCKS}${HPEMPTY}]"
|
||||||
|
LogText "Hardening strength: ${HIDESCRIPTION}"
|
||||||
|
|
||||||
|
|
||||||
# Only show overview if not running in quiet mode
|
# Only show overview if not running in quiet mode
|
||||||
|
|||||||
@ -596,11 +596,6 @@
|
|||||||
#################################################################################
|
#################################################################################
|
||||||
#
|
#
|
||||||
|
|
||||||
# Report firewall installed for now, if we found one active. Next step would be determining binaries first and apply additional checks.
|
|
||||||
Report "firewall_active=${FIREWALL_ACTIVE}"
|
|
||||||
Report "firewall_empty_ruleset=${FIREWALL_EMPTY_RULESET}"
|
|
||||||
Report "firewall_installed=${FIREWALL_ACTIVE}"
|
|
||||||
|
|
||||||
WaitForKeyPress
|
WaitForKeyPress
|
||||||
|
|
||||||
#
|
#
|
||||||
|
|||||||
@ -634,9 +634,6 @@
|
|||||||
#################################################################################
|
#################################################################################
|
||||||
#
|
#
|
||||||
|
|
||||||
Report "dhcp_client_running=${DHCP_CLIENT_RUNNING}"
|
|
||||||
Report "arpwatch_running=${ARPWATCH_RUNNING}"
|
|
||||||
|
|
||||||
WaitForKeyPress
|
WaitForKeyPress
|
||||||
|
|
||||||
#
|
#
|
||||||
|
|||||||
@ -1340,13 +1340,6 @@
|
|||||||
#################################################################################
|
#################################################################################
|
||||||
#
|
#
|
||||||
|
|
||||||
|
|
||||||
if [ ! -z "${INSTALLED_PACKAGES}" ]; then Report "installed_packages_array=${INSTALLED_PACKAGES}"; fi
|
|
||||||
|
|
||||||
Report "package_audit_tool=${PACKAGE_AUDIT_TOOL}"
|
|
||||||
Report "package_audit_tool_found=${PACKAGE_AUDIT_TOOL_FOUND}"
|
|
||||||
Report "vulnerable_packages_found=${VULNERABLE_PACKAGES_FOUND}"
|
|
||||||
|
|
||||||
WaitForKeyPress
|
WaitForKeyPress
|
||||||
|
|
||||||
#
|
#
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user