From 9270ab0a3810ef557b66887e0e980122b84f0a24 Mon Sep 17 00:00:00 2001 From: Luca Fontana Date: Mon, 4 Nov 2024 19:04:37 +0200 Subject: [PATCH] More support for busybox devices - Replaced "head -1" with "head -n 1" - Fixed Stat format error in busybox - Fixed find -printf error in busybox - SafeInput accept only alphanumeric values, underscore and hyphens --- extras/build-lynis.sh | 4 ++-- include/functions | 41 ++++++++++++++++++++--------------- include/osdetection | 5 ++++- plugins/plugin_systemd_phase1 | 10 ++++----- 4 files changed, 35 insertions(+), 25 deletions(-) diff --git a/extras/build-lynis.sh b/extras/build-lynis.sh index 974f2937..d79e524b 100755 --- a/extras/build-lynis.sh +++ b/extras/build-lynis.sh @@ -238,7 +238,7 @@ echo "[*] Starting with DEB building process" - DEBCHANGELOGFULLVERSION=$(head -1 ../debian/changelog | awk '{ print $2 }' | sed 's/(//' | sed 's/)//') + DEBCHANGELOGFULLVERSION=$(head -n 1 ../debian/changelog | awk '{ print $2 }' | sed 's/(//' | sed 's/)//') DEBCHANGELOGVERSION=$(echo ${DEBCHANGELOGFULLVERSION} | awk -F- '{ print $1 }') DEBCHANGELOGVERSIONREV=$(echo ${DEBCHANGELOGFULLVERSION} | awk -F- '{ print $2 }') if [ "${LYNIS_VERSION}" = "${DEBCHANGELOGVERSION}" ]; then @@ -251,7 +251,7 @@ # BZRSTATUS=$(${BZRBINARY} status . 2>&1 > /dev/null; echo $?) # if [ "${BZRSTATUS}" = "0" ]; then # echo "[V] bzr has proper directory tree" -# DEBCHANGELOGFULLVERSION=$(head -1 debian/changelog | awk '{ print $2 }' | sed 's/(//' | sed 's/)//') +# DEBCHANGELOGFULLVERSION=$(head -n 1 debian/changelog | awk '{ print $2 }' | sed 's/(//' | sed 's/)//') # DEBCHANGELOGVERSION=$(echo ${DEBCHANGELOGFULLVERSION} | awk -F- '{ print $1 }') # DEBCHANGELOGVERSIONREV=$(echo ${DEBCHANGELOGFULLVERSION} | awk -F- '{ print $2 }') # echo "[=] Version in Debian changelog: ${DEBCHANGELOGVERSION} (revision: ${DEBCHANGELOGVERSIONREV})" diff --git a/include/functions b/include/functions index df27db8b..1c0bbdc7 100644 --- a/include/functions +++ b/include/functions @@ -968,7 +968,7 @@ ;; "DragonFly" | "FreeBSD") - FIND=$(${IFCONFIGBINARY} | grep ether | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') + FIND=$(${IFCONFIGBINARY} | grep ether | head -n 1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') if HasData "${FIND}"; then HOSTID=$(echo ${FIND} | sha1) else @@ -996,7 +996,7 @@ for INTERFACE in ${NET_INTERFACES}; do if grep -q -s 'up' "/sys/class/net/${INTERFACE}/operstate"; then LogText "Interface '${INTERFACE}' is up, fetching MAC address" - FIND=$(head -1 "/sys/class/net/${INTERFACE}/address" | tr '[:upper:]' '[:lower:]') + FIND=$(head -n 1 "/sys/class/net/${INTERFACE}/address" | tr '[:upper:]' '[:lower:]') if HasData "${FIND}"; then HOSTID_GEN="linux-sys-interface-up" break @@ -1010,7 +1010,7 @@ LogText "Info: trying output from 'ip' to generate HostID" # Determine if we have the common available eth0 interface. If so, give that priority. # Note: apply sorting in case there would be multiple MAC addresses linked to increase predictable end result - FIND=$(${IPBINARY} addr show eth0 2> /dev/null | grep -E "link/ether " | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]' | sort | head -1) + FIND=$(${IPBINARY} addr show eth0 2> /dev/null | grep -E "link/ether " | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]' | sort | head -n 1) if HasData "${FIND}"; then HOSTID_GEN="linux-ip-interface-eth0" else @@ -1020,7 +1020,7 @@ # 3) Convert everything to lowercase # 4) Sort the entries, so that the output is more predictable between runs when the same interfaces are available # 5) Select first entry - FIND=$(${IPBINARY} -family link addr show up 2> /dev/null | awk '{if($1=="link/ether" && $2 !~ "^02:42:"){print $2}}' | tr '[:upper:]' '[:lower:]' | sort | head -1) + FIND=$(${IPBINARY} -family link addr show up 2> /dev/null | awk '{if($1=="link/ether" && $2 !~ "^02:42:"){print $2}}' | tr '[:upper:]' '[:lower:]' | sort | head -n 1) if HasData "${FIND}"; then HOSTID_GEN="linux-ip-interface-up-other" else @@ -1049,7 +1049,7 @@ HOSTID_GEN="linux-ifconfig-interface-eth0-ether" fi else - FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep "ether " | awk '{ print $2 }' | head -1 | tr '[:upper:]' '[:lower:]') + FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep "ether " | awk '{ print $2 }' | head -n 1 | tr '[:upper:]' '[:lower:]') if IsEmpty "${FIND}"; then ReportException "GetHostID" "No eth0 found (and no ether was found with ifconfig)" else @@ -1058,7 +1058,7 @@ fi fi else - FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep HWaddr | head -1 | awk '{ print $5 }' | tr '[:upper:]' '[:lower:]') + FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep HWaddr | head -n 1 | awk '{ print $5 }' | tr '[:upper:]' '[:lower:]') HOSTID_GEN="linux-ifconfig-interface-first-hwaddr" fi else @@ -1077,7 +1077,7 @@ ;; "macOS") - FIND=$(${IFCONFIGBINARY} en0 | grep ether | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') + FIND=$(${IFCONFIGBINARY} en0 | grep ether | head -n 1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') if [ ! "${FIND}" = "" ]; then HOSTID=$(echo ${FIND} | shasum | awk '{ print $1 }') else @@ -1099,7 +1099,7 @@ ;; "NetBSD") - FIND=$(${IFCONFIGBINARY} -a | grep "address:" | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') + FIND=$(${IFCONFIGBINARY} -a | grep "address:" | head -n 1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') if HasData "${FIND}"; then HOSTID=$(echo ${FIND} | sha1) else @@ -1108,7 +1108,7 @@ ;; "OpenBSD") - FIND=$(${IFCONFIGBINARY} | grep "lladdr " | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') + FIND=$(${IFCONFIGBINARY} | grep "lladdr " | head -n 1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') if HasData "${FIND}"; then HOSTID=$(echo ${FIND} | sha1) else @@ -1164,7 +1164,7 @@ # Optional: DBUS creates ID as well with dbus-uuidgen and is stored in /var/lib/dbus-machine-id (might be symlinked to /etc/machine-id) sMACHINEIDFILE="/etc/machine-id" if [ -f ${sMACHINEIDFILE} ]; then - FIND=$(head -1 ${sMACHINEIDFILE} | grep "^[a-f0-9]") + FIND=$(head -n 1 ${sMACHINEIDFILE} | grep "^[a-f0-9]") if [ "${FIND}" = "" ]; then MACHINEID="${FIND}" fi @@ -1336,6 +1336,8 @@ # busybox does not support format if [ ${SHELL_IS_BUSYBOX} -eq 0 ]; then DATA=$(${STATBINARY} --format=%a ${CHECKFILE}) + else + DATA=$(${STATBINARY} -c %a ${CHECKFILE}) fi ;; esac @@ -1349,12 +1351,16 @@ ;; *) # Only use find when OS is NOT AIX and binaries are NOT busybox + if [ -d "${CHECKFILE}" ]; then + MAXDEPTH="-maxdepth 0" + else + MAXDEPTH="" + fi + if [ ${SHELL_IS_BUSYBOX} -eq 0 ]; then - if [ -d ${CHECKFILE} ]; then - DATA=$(${FINDBINARY} ${CHECKFILE} -maxdepth 0 -printf "%m") - else - DATA=$(${FINDBINARY} ${CHECKFILE} -printf "%m") - fi + DATA=$(${FINDBINARY} "${CHECKFILE}" ${MAXDEPTH} -printf "%m") + else + DATA=$(${FINDBINARY} "${CHECKFILE}" ${MAXDEPTH} -exec stat -c %a {} \;) fi ;; esac @@ -1872,7 +1878,7 @@ # FreeBSD: hw.hv_vendor (remains empty for VirtualBox) # NetBSD: machdep.dmi.system-product # OpenBSD: hw.product - FIND=$(sysctl -a 2> /dev/null | grep -E "(hw.product|machdep.dmi.system-product)" | head -1 | sed 's/ = /=/' | awk -F= '{ print $2 }') + FIND=$(sysctl -a 2> /dev/null | grep -E "(hw.product|machdep.dmi.system-product)" | head -n 1 | sed 's/ = /=/' | awk -F= '{ print $2 }') if [ ! "${FIND}" = "" ]; then SHORT="${FIND}" fi @@ -3049,7 +3055,8 @@ # By default remove only control characters if [ $# -eq 1 ]; then input="$1" - cleaned=$(echo ${input} | tr -d '[:cntrl:]') + # cleaned=$(echo ${input} | tr -d '[:cntrl:]') + cleaned=$(echo "$input" | sed 's/[^a-zA-Z0-9_-]//g') # If know what to test against, then see if input matches the specified class elif [ $# -eq 2 ]; then input="$1" diff --git a/include/osdetection b/include/osdetection index fda72333..8ae1c1d5 100644 --- a/include/osdetection +++ b/include/osdetection @@ -836,7 +836,7 @@ if tail -1 < /etc/release | xargs | grep "^Solaris " > /dev/null; then OS_FULLNAME=$(tail -1 < /etc/release | xargs) else - OS_FULLNAME=$(head -1 < /etc/release | xargs) + OS_FULLNAME=$(head -n 1 < /etc/release | xargs) fi OS_VERSION=$(echo "$OS_FULLNAME" | cut -d ' ' -f 2,3) else # Old behaviour @@ -929,6 +929,9 @@ ShowSymlinkPath /bin/ps if [ "${SYMLINK}" = "/bin/busybox" ]; then SHELL_IS_BUSYBOX=1 + LogText "Result: The device is using Busybox." + else + LogText "Result: The device is NOT using Busybox." fi fi fi diff --git a/plugins/plugin_systemd_phase1 b/plugins/plugin_systemd_phase1 index 4e183f88..01c8db9a 100644 --- a/plugins/plugin_systemd_phase1 +++ b/plugins/plugin_systemd_phase1 @@ -47,13 +47,13 @@ if [ -n "${SYSTEMCTLBINARY}" -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3802 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query systemd version and options" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=$(${SYSTEMCTLBINARY} --version 2> /dev/null | ${AWKBINARY} '{ if ($1=="systemd") { print $2 } }' | grep "^[1-9][0-9][0-9]$" | head -1) + FIND=$(${SYSTEMCTLBINARY} --version 2> /dev/null | ${AWKBINARY} '{ if ($1=="systemd") { print $2 } }' | grep "^[1-9][0-9][0-9]$" | head -n 1) if [ -n "${FIND}" ]; then SYSTEMD_VERSION=${FIND} Report "systemd_version=${FIND}" LogText "Result: found systemd version ${FIND}" fi - FIND=$(${SYSTEMCTLBINARY} --version 2> /dev/null | grep "^[-+]" | sed 's/[[:space:]]/,/g' | head -1) + FIND=$(${SYSTEMCTLBINARY} --version 2> /dev/null | grep "^[-+]" | sed 's/[[:space:]]/,/g' | head -n 1) if [ -n "${FIND}" ]; then Report "systemd_builtin_components=${FIND}" LogText "Result: found builtin components list" @@ -101,7 +101,7 @@ if [ -f ${ROOTDIR}etc/machine-id -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3808 --preqs-met ${PREQS_MET} --weight L --network NO --description "Gather systemd machine ID" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=$(cat ${ROOTDIR}etc/machine-id | head -1) + FIND=$(cat ${ROOTDIR}etc/machine-id | head -n 1) if [ -n "${FIND}" ]; then SYSTEMD_MACHINEID="${FIND}" LogText "Result: found machine ID: ${SYSTEMD_MACHINEID}" @@ -134,7 +134,7 @@ FIND=$(${JOURNALCTLBINARY} --list-boots | wc -l) LogText "Output: number of boots listed in journal is ${FIND}" if [ -n "${FIND}" ]; then Report "journal_bootlogs=${FIND}"; fi - FIND=$(${JOURNALCTLBINARY} --list-boots | head -1 | awk '{ print $4 }') + FIND=$(${JOURNALCTLBINARY} --list-boots | head -n 1 | awk '{ print $4 }') LogText "Output: oldest boot date in journal is ${FIND}" if [ -n "${FIND}" ]; then Report "journal_oldest_bootdate=${FIND}"; fi fi @@ -204,7 +204,7 @@ if [ -n "${SYSTEMCTLBINARY}" -a ${SYSTEMD_RUNNING} -eq 1 -a ${SYSTEMD_VERSION} -ge 215 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3830 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query systemd status" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=$(${SYSTEMCTLBINARY} is-system-running 2> /dev/null | head -1) + FIND=$(${SYSTEMCTLBINARY} is-system-running 2> /dev/null | head -n 1) if [ -n "${FIND}" ]; then Report "systemd_status=${FIND}" LogText "Result: found systemd status = ${FIND}"