Combining several improvements: helpers, plugins, audit mode

mboelen 2015-01-30 20:01:07 +01:00
parent f5550fa5d2
commit 912f60acc0
1 changed files with 147 additions and 107 deletions

66
lynis

@ -23,17 +23,17 @@
# Program information # Program information
PROGRAM_name="Lynis" PROGRAM_name="Lynis"
PROGRAM_version="1.6.5" PROGRAM_version="1.6.5"
PROGRAM_releasedate="3 January 2015" PROGRAM_releasedate="30 January 2015"
PROGRAM_author="CISOfy" PROGRAM_author="CISOfy"
PROGRAM_author_contact="lynis-dev@cisofy.com" PROGRAM_author_contact="development@cisofy.com"
PROGRAM_website="https://cisofy.com" PROGRAM_website="https://cisofy.com"
PROGRAM_copyright="Copyright 2007-2015 - ${PROGRAM_author}, ${PROGRAM_website}" PROGRAM_copyright="Copyright 2007-2015 - ${PROGRAM_author}, ${PROGRAM_website}"
PROGRAM_license="${PROGRAM_name} comes with ABSOLUTELY NO WARRANTY. This is free software, and you are PROGRAM_license="${PROGRAM_name} comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License. welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software." See the LICENSE file for details about using this software."
PROGRAM_extrainfo="Enterprise support and plugins available via CISOfy - https://cisofy.com" PROGRAM_extrainfo="Enterprise support and plugins available via CISOfy"
# Release version (beta or final) # Release version (beta or final)
PROGRAM_releasetype="beta" PROGRAM_releasetype="final"
# Version number of report files (when format changes in future) # Version number of report files (when format changes in future)
REPORT_version_major="1"; REPORT_version_minor="0" REPORT_version_major="1"; REPORT_version_minor="0"
REPORT_version="${REPORT_version_major}.${REPORT_version_minor}" REPORT_version="${REPORT_version_major}.${REPORT_version_minor}"
@ -344,9 +344,20 @@
# Bail out if we didn't get any parameter, or incorrect ones # Bail out if we didn't get any parameter, or incorrect ones
if [ ${PARAMCOUNT} -eq 0 -o ${WRONGOPTION} -eq 1 -o ${VIEWHELP} -eq 1 ]; then if [ ${PARAMCOUNT} -eq 0 -o ${WRONGOPTION} -eq 1 -o ${VIEWHELP} -eq 1 ]; then
#echo " ==================================================" #echo " =================================================="
echo ""
echo " Usage: lynis ${WHITE}[options] ${CYAN}mode${NORMAL}"
echo ""
echo ""
echo " ${CYAN}Mode:${NORMAL}"
echo ""
echo " ${GREEN}audit${NORMAL}"
echo " audit system : Perform security scan"
echo " audit Dockerfile <file> : Analyze Dockerfile"
echo ""
echo ""
echo " ${WHITE}Scan options:${NORMAL}" echo " ${WHITE}Scan options:${NORMAL}"
echo " --auditor \"<name>\" : Auditor name" echo " --auditor \"<name>\" : Auditor name"
echo " --check-all (-c) : Check system"
echo " --dump-options : See all available options" echo " --dump-options : See all available options"
echo " --no-log : Don't create a log file" echo " --no-log : Don't create a log file"
echo " --pentest : Non-privileged scan (useful for pentest)" echo " --pentest : Non-privileged scan (useful for pentest)"
@ -366,16 +377,17 @@
echo " --view-manpage (--man) : View man page" echo " --view-manpage (--man) : View man page"
echo " --version (-V) : Display version number and quit" echo " --version (-V) : Display version number and quit"
echo "" echo ""
echo " ${GREEN}Enterprise options:${NORMAL}" echo " ${WHITE}Enterprise options:${NORMAL}"
echo " --plugin-dir \"<path>\" : Define path of available plugins" echo " --plugin-dir \"<path>\" : Define path of available plugins"
echo " --upload : Upload data to central node" echo " --upload : Upload data to central node"
echo "" echo ""
echo ""
if [ ${WRONGOPTION} -eq 1 ]; then if [ ${WRONGOPTION} -eq 1 ]; then
echo " ${RED}Error${NORMAL}: ${WHITE}Invalid option ${WRONGOPTION_value}!${NORMAL}" echo " ${RED}Error${NORMAL}: ${WHITE}Invalid option '${WRONGOPTION_value}'${NORMAL}"
else else
if [ ${VIEWHELP} -eq 0 ]; then if [ ${VIEWHELP} -eq 0 ]; then
echo " ${RED}Error${NORMAL}: ${WHITE}No parameters specified!${NORMAL}" echo " ${RED}Error${NORMAL}: ${WHITE}No scanning mode specified!${NORMAL}"
fi fi
fi fi
echo " See man page and documentation for all available options." echo " See man page and documentation for all available options."
@ -447,9 +459,7 @@
# #
# Clear log file and test if it's writable # Clear log file and test if it's writable
logtext "### Starting ${PROGRAM_name} ${PROGRAM_version} with PID ${OURPID}, build date ${PROGRAM_releasedate} ###" > ${LOGFILE} logtext "### Starting ${PROGRAM_name} ${PROGRAM_version} with PID ${OURPID}, build date ${PROGRAM_releasedate} ###" > ${LOGFILE}
if [ $? -eq 0 ]; then if [ $? -gt 0 ]; then
Display --indent 2 --text "- Clearing log file (${LOGFILE})... " --result DONE --color GREEN
else
Display --indent 2 --text "- Clearing log file (${LOGFILE})... " --result WARNING --color RED Display --indent 2 --text "- Clearing log file (${LOGFILE})... " --result WARNING --color RED
echo "${WARNING}Fatal error${NORMAL}: problem while writing to log file. Check location and permissions." echo "${WARNING}Fatal error${NORMAL}: problem while writing to log file. Check location and permissions."
RemovePIDFile RemovePIDFile
@ -521,7 +531,7 @@
logtext "Plugin directory: ${PLUGINDIR}" logtext "Plugin directory: ${PLUGINDIR}"
logtext "Database directory: ${DBDIR}" logtext "Database directory: ${DBDIR}"
logtextbreak logtextbreak
wait_for_keypress #wait_for_keypress
# #
################################################################################# #################################################################################
@ -620,6 +630,8 @@
# #
################################################################################# #################################################################################
# #
if [ ${RUN_PLUGINS} -eq 1 ]; then
logtextbreak logtextbreak
InsertPluginSection "Plugins (phase 1)" InsertPluginSection "Plugins (phase 1)"
Display --text "Note: plugins have more extensive tests, which may take a few minutes to complete" Display --text "Note: plugins have more extensive tests, which may take a few minutes to complete"
@ -682,6 +694,7 @@
else else
report "plugins_enabled=1" report "plugins_enabled=1"
fi fi
fi
# #
################################################################################# #################################################################################
# #
@ -704,6 +717,9 @@
# #
################################################################################# #################################################################################
# #
if [ ${RUN_TESTS} -eq 1 ]; then
logtextbreak logtextbreak
# Test sections # Test sections
if [ "${TESTS_CATEGORY_TO_PERFORM}" = "" ]; then if [ "${TESTS_CATEGORY_TO_PERFORM}" = "" ]; then
@ -742,10 +758,13 @@
fi fi
done done
fi
# #
################################################################################# #################################################################################
# #
#logtextbreak
if [ ${RUN_TESTS} -eq 1 ]; then
InsertSection "Custom Tests" InsertSection "Custom Tests"
logtext "Test: Checking for tests_custom file" logtext "Test: Checking for tests_custom file"
# Custom tests # Custom tests
@ -766,6 +785,27 @@
else else
Display --indent 2 --text "- Running custom tests... " --result "NONE" --color WHITE Display --indent 2 --text "- Running custom tests... " --result "NONE" --color WHITE
fi fi
fi
#
#################################################################################
#
# Run helpers
#
#################################################################################
#
if [ ${RUN_HELPERS} -eq 1 ]; then
InsertPluginSection "Audit Module"
if [ ! "${HELPER}" = "" ]; then
logtext "Helper tool is $HELPER"
if [ -f ${INCLUDEDIR}/helper_${HELPER} ]; then
SafePerms ${INCLUDEDIR}/helper_${HELPER}
logtext "Running helper tool ${HELPER} with params: ${HELPER_PARAMS}"
. ${INCLUDEDIR}/helper_${HELPER} ${HELPER_PARAMS}
else
echo "Error, could not find helper"
fi
fi
fi
# #
################################################################################# #################################################################################
# #
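Review bot: In the new "Run helpers" block, `${HELPER}` goes unquoted and unvalidated into the path that is then sourced by `. ${INCLUDEDIR}/helper_${HELPER} ${HELPER_PARAMS}`. Where HELPER is assigned is not visible on this page, but the new usage text (`audit Dockerfile <file>`) suggests it comes from the command line, so a value containing `/`, `..` or whitespace could make the script source a file outside the intended helper set, in the scanner's own (often privileged) shell. I would reject such names before the `if [ ! "${HELPER}" = "" ]` test, e.g. `case "${HELPER}" in *[!A-Za-z0-9_-]*) echo "Error, invalid helper name"; HELPER="" ;; esac` (adjust the allowed set to the real helper names), and quote the path as `"${INCLUDEDIR}/helper_${HELPER}"` in the `-f`, `SafePerms` and `.` lines. The result of `SafePerms` is also not checked here; unless that function exits on failure (its body is not shown), the file is sourced even when its permissions were rejected, so guarding the `.` line with `if SafePerms "..."; then` would be safer. The "could not find helper" branch only echoes to stdout; recording it with `logtext` as well would leave a trace in the audit log.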