[LOGG-2190] ignore files in /tmp caused by early MySQL 5.x releases

Michael Boelen 2016-08-18 15:25:57 +02:00
parent b1bf319f18
commit 8fcc2d7e12
1 changed files with 10 additions and 14 deletions


@ -474,27 +474,23 @@
if [ ! "${LSOFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${LSOFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no LOGG-2190 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking for deleted files in use" Register --test-no LOGG-2190 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking for deleted files in use"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
EARLY_MYSQL=""
LogText "Test: checking deleted files that are still in use" LogText "Test: checking deleted files that are still in use"
LSOF_GREP="WARNING|Output information" LSOF_GREP="WARNING|Output information"
EARLY_MYSQL=`dpkg -l | egrep mysql-server-5.[0-5]` # MySQL versions prior to 5.6 leave lots of deleted in-use files in /tmp, ignoring those
if [ ! -z "${DPKGBINARY}" ]; then EARLY_MYSQL=$(${DPKGBINARY} -l | egrep mysql-server-5.[0-5]); fi
if [ ! -z "${EARLY_MYSQL}" ]; then LSOF_GREP="${LSOF_GREP}|mysqld"; fi
if [ ! "${EARLY_MYSQL}" = "" ]; then
# MySQL versions prior to 5.6 leave lots of deleted in-use files in /tmp
LSOF_GREP="${LSOF_GREP}|mysqld"
fi
if [ ${GRSEC_FOUND} -eq 1 ]; then
# grsecurity causes Fail2Ban to hold onto deleted in-use files in /var/tmp # grsecurity causes Fail2Ban to hold onto deleted in-use files in /var/tmp
LSOF_GREP="${LSOF_GREP}|fail2ban" if [ ${GRSEC_FOUND} -eq 1 ]; then LSOF_GREP="${LSOF_GREP}|fail2ban"; fi
fi
if [ ${OS_REDHAT_OR_CLONE} -eq 1 ]; then if [ ${OS_REDHAT_OR_CLONE} -eq 1 ]; then
# If lynis is run from /etc/cron.daily some deleted in-use files are kept in /tmp # If lynis is run from /etc/cron.daily some deleted in-use files are kept in /tmp
LSOF_GREP="${LSOF_GREP}|anacron|awk|run-parts" LSOF_GREP="${LSOF_GREP}|anacron|awk|run-parts"
fi fi
FIND=`${LSOFBINARY} -n +L 1 2>&1 | egrep -vw "${LSOF_GREP}" | awk '{ if ($5=="REG") { printf "%s(%s)\n", $10, $1 } }' | grep -v "^$" | sort -u` FIND=$(${LSOFBINARY} -n +L 1 2>&1 | egrep -vw "${LSOF_GREP}" | awk '{ if ($5=="REG") { printf "%s(%s)\n", $10, $1 } }' | grep -v "^$" | sort -u)
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
LogText "Result: found one or more files which are deleted, but still in use" LogText "Result: found one or more files which are deleted, but still in use"
for I in ${FIND}; do for I in ${FIND}; do