Combining several improvements: helpers, plugins, audit mode

mboelen 2015-01-30 20:01:07 +01:00
parent f5550fa5d2
commit 912f60acc0
1 changed files with 147 additions and 107 deletions

66
lynis

@ -23,17 +23,17 @@
# Program information
PROGRAM_name="Lynis"
PROGRAM_version="1.6.5"
PROGRAM_releasedate="3 January 2015"
PROGRAM_releasedate="30 January 2015"
PROGRAM_author="CISOfy"
PROGRAM_author_contact="lynis-dev@cisofy.com"
PROGRAM_author_contact="development@cisofy.com"
PROGRAM_website="https://cisofy.com"
PROGRAM_copyright="Copyright 2007-2015 - ${PROGRAM_author}, ${PROGRAM_website}"
PROGRAM_license="${PROGRAM_name} comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software."
PROGRAM_extrainfo="Enterprise support and plugins available via CISOfy - https://cisofy.com"
PROGRAM_extrainfo="Enterprise support and plugins available via CISOfy"
# Release version (beta or final)
PROGRAM_releasetype="beta"
PROGRAM_releasetype="final"
# Version number of report files (when format changes in future)
REPORT_version_major="1"; REPORT_version_minor="0"
REPORT_version="${REPORT_version_major}.${REPORT_version_minor}"
@ -344,9 +344,20 @@
# Bail out if we didn't get any parameter, or incorrect ones
if [ ${PARAMCOUNT} -eq 0 -o ${WRONGOPTION} -eq 1 -o ${VIEWHELP} -eq 1 ]; then
#echo " =================================================="
echo ""
echo " Usage: lynis ${WHITE}[options] ${CYAN}mode${NORMAL}"
echo ""
echo ""
echo " ${CYAN}Mode:${NORMAL}"
echo ""
echo " ${GREEN}audit${NORMAL}"
echo " audit system : Perform security scan"
echo " audit Dockerfile <file> : Analyze Dockerfile"
echo ""
echo ""
echo " ${WHITE}Scan options:${NORMAL}"
echo " --auditor \"<name>\" : Auditor name"
echo " --check-all (-c) : Check system"
echo " --dump-options : See all available options"
echo " --no-log : Don't create a log file"
echo " --pentest : Non-privileged scan (useful for pentest)"
@ -366,16 +377,17 @@
echo " --view-manpage (--man) : View man page"
echo " --version (-V) : Display version number and quit"
echo ""
echo " ${GREEN}Enterprise options:${NORMAL}"
echo " ${WHITE}Enterprise options:${NORMAL}"
echo " --plugin-dir \"<path>\" : Define path of available plugins"
echo " --upload : Upload data to central node"
echo ""
echo ""
if [ ${WRONGOPTION} -eq 1 ]; then
echo " ${RED}Error${NORMAL}: ${WHITE}Invalid option ${WRONGOPTION_value}!${NORMAL}"
echo " ${RED}Error${NORMAL}: ${WHITE}Invalid option '${WRONGOPTION_value}'${NORMAL}"
else
if [ ${VIEWHELP} -eq 0 ]; then
echo " ${RED}Error${NORMAL}: ${WHITE}No parameters specified!${NORMAL}"
echo " ${RED}Error${NORMAL}: ${WHITE}No scanning mode specified!${NORMAL}"
fi
fi
echo " See man page and documentation for all available options."
@ -447,9 +459,7 @@
#
# Clear log file and test if it's writable
logtext "### Starting ${PROGRAM_name} ${PROGRAM_version} with PID ${OURPID}, build date ${PROGRAM_releasedate} ###" > ${LOGFILE}
if [ $? -eq 0 ]; then
Display --indent 2 --text "- Clearing log file (${LOGFILE})... " --result DONE --color GREEN
else
if [ $? -gt 0 ]; then
Display --indent 2 --text "- Clearing log file (${LOGFILE})... " --result WARNING --color RED
echo "${WARNING}Fatal error${NORMAL}: problem while writing to log file. Check location and permissions."
RemovePIDFile
@ -521,7 +531,7 @@
logtext "Plugin directory: ${PLUGINDIR}"
logtext "Database directory: ${DBDIR}"
logtextbreak
wait_for_keypress
#wait_for_keypress
#
#################################################################################
@ -620,6 +630,8 @@
#
#################################################################################
#
if [ ${RUN_PLUGINS} -eq 1 ]; then
logtextbreak
InsertPluginSection "Plugins (phase 1)"
Display --text "Note: plugins have more extensive tests, which may take a few minutes to complete"
@ -682,6 +694,7 @@
else
report "plugins_enabled=1"
fi
fi
#
#################################################################################
#
@ -704,6 +717,9 @@
#
#################################################################################
#
if [ ${RUN_TESTS} -eq 1 ]; then
logtextbreak
# Test sections
if [ "${TESTS_CATEGORY_TO_PERFORM}" = "" ]; then
@ -742,10 +758,13 @@
fi
done
fi
#
#################################################################################
#
#logtextbreak
if [ ${RUN_TESTS} -eq 1 ]; then
InsertSection "Custom Tests"
logtext "Test: Checking for tests_custom file"
# Custom tests
@ -766,6 +785,27 @@
else
Display --indent 2 --text "- Running custom tests... " --result "NONE" --color WHITE
fi
fi
#
#################################################################################
#
# Run helpers
#
#################################################################################
#
if [ ${RUN_HELPERS} -eq 1 ]; then
InsertPluginSection "Audit Module"
if [ ! "${HELPER}" = "" ]; then
logtext "Helper tool is $HELPER"
if [ -f ${INCLUDEDIR}/helper_${HELPER} ]; then
SafePerms ${INCLUDEDIR}/helper_${HELPER}
logtext "Running helper tool ${HELPER} with params: ${HELPER_PARAMS}"
. ${INCLUDEDIR}/helper_${HELPER} ${HELPER_PARAMS}
else
echo "Error, could not find helper"
fi
fi
fi
#
#################################################################################
#
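Review bot: In the new "Run helpers" block, `${INCLUDEDIR}/helper_${HELPER}` is expanded unquoted in the `-f` test, the `SafePerms` call and the `.` line, and `HELPER` is not restricted to a plain name before it selects the file that is sourced into the running scan. `HELPER` and `HELPER_PARAMS` appear to come from the command line (their assignment is outside the visible hunks), so a value containing `/`, whitespace or glob characters could make the test and the source refer to a different path than intended. The result of `SafePerms` is also not checked here, which is only safe if that function aborts on failure. I would restrict `HELPER` to a fixed character set and quote the path in all three places, as below. Separately, not every `/bin/sh` sets positional parameters from arguments given after `.`, so the helper may not see `${HELPER_PARAMS}` on some shells; this is worth confirming against the script's shebang, which is not shown.

```shell
if [ ! "${HELPER}" = "" ]; then
    # … unchanged: logtext "Helper tool is ..." …
    case "${HELPER}" in
        *[!A-Za-z0-9_-]*)
            # Only plain names may select a file under INCLUDEDIR
            echo "Error, invalid helper name"
            ;;
        *)
            if [ -f "${INCLUDEDIR}/helper_${HELPER}" ]; then
                SafePerms "${INCLUDEDIR}/helper_${HELPER}"
                # … unchanged: logtext "Running helper tool ..." …
                . "${INCLUDEDIR}/helper_${HELPER}" ${HELPER_PARAMS}
            # … unchanged: else branch reporting a missing helper, closing fi …
            ;;
    esac
```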