mirror of
https://github.com/CISOfy/lynis.git
synced 2025-07-28 16:24:13 +02:00
Add fallbacks for hostid generation and improve logging
parent
e4d16f3cd1
commit
97e435ffe8
@ -990,28 +990,55 @@
|
|||||||
;;
|
;;
|
||||||
|
|
||||||
"Linux")
|
"Linux")
|
||||||
# First use ip, then ifconfig as fallback
|
|
||||||
|
# First try ip, as it is available to most modern Linux distributions
|
||||||
if [ -n "${IPBINARY}" ]; then
|
if [ -n "${IPBINARY}" ]; then
|
||||||
|
LogText "Info: trying output from 'ip' to generate HostID"
|
||||||
# Determine if we have the common available eth0 interface. If so, give that priority.
|
# Determine if we have the common available eth0 interface. If so, give that priority.
|
||||||
# Note: apply sorting in case there would be multiple MAC addresses linked to increase predictable end result
|
# Note: apply sorting in case there would be multiple MAC addresses linked to increase predictable end result
|
||||||
FIND=$(${IPBINARY} addr show eth0 2> /dev/null | grep -E "link/ether " | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]' | sort | head -1)
|
FIND=$(${IPBINARY} addr show eth0 2> /dev/null | grep -E "link/ether " | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]' | sort | head -1)
|
||||||
if HasData "${FIND}"; then
|
if HasData "${FIND}"; then
|
||||||
HOSTID_GEN="linux-ip-interface-eth0"
|
HOSTID_GEN="linux-ip-interface-eth0"
|
||||||
else
|
else
|
||||||
# Trying the most stable route here:
|
# If eth0 does not exist, which is also common, then trying the next option:
|
||||||
# 1) First fetch all links that are UP and filter out everything not starting with 'en'
|
# 1) First fetch all links that are UP and start with 'en'
|
||||||
# 2) Filter entries that have a MAC address and filter out Docker related MAC addresses starting with '02:42:'
|
# 2) Filter entries that have a MAC address and filter out Docker related MAC addresses starting with '02:42:'
|
||||||
# 3) Convert everything to lowercase
|
# 3) Convert everything to lowercase
|
||||||
# 4) Sort the entries, so that the output is more predictable between runs when the same interfaces are available
|
# 4) Sort the entries, so that the output is more predictable between runs when the same interfaces are available
|
||||||
# 5) Select first entry
|
# 5) Select first entry
|
||||||
FIND=$(${IPBINARY} -family link addr show up label 'en*' 2> /dev/null | awk '{if($1=="link/ether" && $2 !~ "^02:42:"){print $2}}' | tr '[:upper:]' '[:lower:]' | sort | head -1)
|
FIND=$(${IPBINARY} -family link addr show up label 'en*' 2> /dev/null | awk '{if($1=="link/ether" && $2 !~ "^02:42:"){print $2}}' | tr '[:upper:]' '[:lower:]' | sort | head -1)
|
||||||
if HasData "${FIND}"; then
|
if HasData "${FIND}"; then
|
||||||
HOSTID_GEN="linux-ip-interface-other"
|
HOSTID_GEN="linux-ip-interface-up-en"
|
||||||
else
|
else
|
||||||
ReportException "GetHostID" "Can't create hostid (no MAC addresses found)"
|
LogText "Info: selecting interfaces by label 'en*' did not return results, trying without it"
|
||||||
|
# Try again, without specifying a preferred interface name
|
||||||
|
FIND=$(${IPBINARY} -family link addr show up 2> /dev/null | awk '{if($1=="link/ether" && $2 !~ "^02:42:"){print $2}}' | tr '[:upper:]' '[:lower:]' | sort | head -1)
|
||||||
|
if HasData "${FIND}"; then
|
||||||
|
HOSTID_GEN="linux-ip-interface-up-other"
|
||||||
|
else
|
||||||
|
ReportException "GetHostID" "Can't create hostid (no MAC addresses found)"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
elif [ -n "${IFCONFIGBINARY}" ]; then
|
fi
|
||||||
|
|
||||||
|
# Try fetching information from /sys in case 'ip' is not available or does not give expected results
|
||||||
|
if IsEmpty "${FIND}" && [ ${PRIVILEGED} -eq 1 -a -d /sys/class/net ]; then
|
||||||
|
NET_INTERFACES=$(${FINDBINARY} /sys/class/net ! -type d -exec realpath {} \; 2> /dev/null | sort | awk -F'/' '!/virtual/ && /devices/ {for (x=1;x<=NF;x++) if ($x~"net") print $(x+1)}')
|
||||||
|
for INTERFACE in ${NET_INTERFACES}; do
|
||||||
|
if grep -s 'up' "/sys/class/net/${INTERFACE}/operstate"; then
|
||||||
|
LogText "Interface '${INTERFACE}' is up, fetching MAC address"
|
||||||
|
FIND=$(head -1 "/sys/class/net/${INTERFACE}/address" | tr '[:upper:]' '[:lower:]')
|
||||||
|
if HasData "${FIND}"; then
|
||||||
|
HOSTID_GEN="linux-sys-interface-up"
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
|
||||||
|
if IsEmpty "${FIND}" && [ -n "${IFCONFIGBINARY}" ]; then
|
||||||
|
LogText "Info: no information found from 'ip' or in /sys, trying output from 'ifconfig'"
|
||||||
# Determine if we have the eth0 interface (not all Linux distributions have this, e.g. Arch)
|
# Determine if we have the eth0 interface (not all Linux distributions have this, e.g. Arch)
|
||||||
HASETH0=$(${IFCONFIGBINARY} | grep "^eth0")
|
HASETH0=$(${IFCONFIGBINARY} | grep "^eth0")
|
||||||
# Check if we can find it with HWaddr on the line
|
# Check if we can find it with HWaddr on the line
|
||||||
@ -1044,8 +1071,6 @@
|
|||||||
else
|
else
|
||||||
HOSTID_GEN="linux-ifconfig-interface-eth0-hwaddr"
|
HOSTID_GEN="linux-ifconfig-interface-eth0-hwaddr"
|
||||||
fi
|
fi
|
||||||
else
|
|
||||||
ReportException "GetHostID" "Both ip and ifconfig tools are missing"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check if we found a HostID
|
# Check if we found a HostID
|
||||||
@ -1054,7 +1079,7 @@
|
|||||||
HOSTID=$(echo ${FIND} | ${SHA1SUMBINARY} | awk '{ print $1 }')
|
HOSTID=$(echo ${FIND} | ${SHA1SUMBINARY} | awk '{ print $1 }')
|
||||||
LogText "Result: Found HostID: ${HOSTID}"
|
LogText "Result: Found HostID: ${HOSTID}"
|
||||||
else
|
else
|
||||||
ReportException "GetHostID" "Can't create HOSTID, command ip not found"
|
ReportException "GetHostID" "HostID could not be generated"
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
|
|
||||||
@ -1187,7 +1212,7 @@
|
|||||||
for I in ${SSH_KEY_FILES}; do
|
for I in ${SSH_KEY_FILES}; do
|
||||||
if [ ${FOUND} -eq 0 ]; then
|
if [ ${FOUND} -eq 0 ]; then
|
||||||
if [ -f /etc/ssh/${I} ]; then
|
if [ -f /etc/ssh/${I} ]; then
|
||||||
LogText "Result: found file ${I} in /etc/ssh, using that to create host identifier"
|
LogText "Result: found file ${I} in /etc/ssh, using that as candidate to create hostid2"
|
||||||
DATA_SSH=$(cat /etc/ssh/${I})
|
DATA_SSH=$(cat /etc/ssh/${I})
|
||||||
FOUND=1
|
FOUND=1
|
||||||
fi
|
fi
|
||||||
@ -1199,12 +1224,12 @@
|
|||||||
|
|
||||||
STRING_TO_HASH=""
|
STRING_TO_HASH=""
|
||||||
if [ ${FOUND} -eq 1 -a -n "${DATA_SSH}" ]; then
|
if [ ${FOUND} -eq 1 -a -n "${DATA_SSH}" ]; then
|
||||||
LogText "Using SSH public key to create the second host identifier"
|
LogText "Using SSH public key to create hostid2"
|
||||||
STRING_TO_HASH="${DATA_SSH}"
|
STRING_TO_HASH="${DATA_SSH}"
|
||||||
HOSTID2_GEN="ssh-public-key"
|
HOSTID2_GEN="ssh-public-key"
|
||||||
else
|
else
|
||||||
if [ -n "${MACHINEID}" ]; then
|
if [ -n "${MACHINEID}" ]; then
|
||||||
LogText "Using the machine ID to create the second host identifier"
|
LogText "Using the machine ID to create hostid2"
|
||||||
STRING_TO_HASH="${MACHINEID}"
|
STRING_TO_HASH="${MACHINEID}"
|
||||||
HOSTID2_GEN="machine-id"
|
HOSTID2_GEN="machine-id"
|
||||||
fi
|
fi
|
||||||
|
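Review bot: In the new /sys fallback, `grep -s 'up' "/sys/class/net/${INTERFACE}/operstate"` only suppresses error messages, so every interface that matches writes the line `up` to standard output while the HostID is being generated; `if grep -q -s 'up' "/sys/class/net/${INTERFACE}/operstate"; then` keeps the test silent. In the same block the awk filter `$x~"net"` is a substring match, so a path component that merely contains "net" (a platform device name, for example) would print an extra, non-existent interface name, whereas `$x=="net"` is exact. The unlabelled `addr show up` fallback excludes only the Docker `02:42:` prefix, so other virtual interfaces with non-persistent MAC addresses (veth pairs, bridges, tunnels) can presumably be selected and the HostID may then differ between runs; logging which interface supplied the MAC alongside `HOSTID_GEN` would make such drift diagnosable. The enclosing function starts and ends outside the displayed hunks.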