tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-04-08 17:15:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

New command: lynis generate systemd-units

Browse Source
This commit is contained in:
Michael Boelen 2019-07-13 20:03:30 +02:00
parent 63a66a971c
commit 9f7e0775a5
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
2 changed files with 91 additions and 1 deletions

89
include/helper_generate

@ -29,7 +29,7 @@
######################################################################
SAVEFILE=0
GENERATE_ARGS="hostids"
GENERATE_ARGS="hostids systemd-units"
if [ $# -gt 0 ]; then
case $1 in
@ -71,6 +71,93 @@ if [ $# -gt 0 ]; then
ExitClean
;;
"cronjob")
${ECHOCMD} "Not implemented yet"
;;
"systemd-units")
${ECHOCMD} ""
${ECHOCMD} "${BG_BLUE}Step 1: create service unit (/etc/systemd/system/lynis.service)${NORMAL}"
${ECHOCMD} ""
${ECHOCMD} "#################################################################################"
${ECHOCMD} "#"
${ECHOCMD} "# Lynis service file for systemd"
${ECHOCMD} "#"
${ECHOCMD} "#################################################################################"
${ECHOCMD} ""
${ECHOCMD} "[Unit]"
${ECHOCMD} "Description=Security audit and vulnerability scanner"
${ECHOCMD} "Documentation=https://cisofy.com/docs/"
${ECHOCMD} ""
${ECHOCMD} "[Service]"
${ECHOCMD} "Nice=19"
${ECHOCMD} "IOSchedulingClass=best-effort"
${ECHOCMD} "IOSchedulingPriority=7"
${ECHOCMD} "Type=simple"
MYBINARY=$(which lynis 2>/dev/null)
MOREOPTIONS=""
if [ -n "${LICENSE_KEY}" ]; then
MOREOPTIONS=" --upload"
fi
${ECHOCMD} "ExecStart=${MYBINARY:-/path/to/lynis} audit system --cronjob${MOREOPTIONS}"
${ECHOCMD} ""
${ECHOCMD} "[Install]"
${ECHOCMD} "WantedBy=multi-user.target"
${ECHOCMD} ""
${ECHOCMD} "#################################################################################"
${ECHOCMD} ""
${ECHOCMD} ""
${ECHOCMD} "${BG_BLUE}Step 2: create timer unit (/etc/systemd/system/lynis.timer)${NORMAL}"
${ECHOCMD} ""
${ECHOCMD} "#################################################################################"
${ECHOCMD} "#"
${ECHOCMD} "# Lynis timer file for systemd"
${ECHOCMD} "#"
${ECHOCMD} "#################################################################################"
${ECHOCMD} "# Do not remove, so Lynis can provide advice if a newer unit is available"
${ECHOCMD} "# Generator=lynis"
${ECHOCMD} "# Version=1"
${ECHOCMD} "#################################################################################"
${ECHOCMD} ""
${ECHOCMD} "[Unit]"
${ECHOCMD} "Description=Daily timer for the Lynis security audit and vulnerability scanner"
${ECHOCMD} ""
${ECHOCMD} "[Timer]"
${ECHOCMD} "OnCalendar=daily"
${ECHOCMD} "RandomizedDelaySec=1800"
${ECHOCMD} "Persistent=false"
${ECHOCMD} ""
${ECHOCMD} "[Install]"
${ECHOCMD} "WantedBy=timers.target"
${ECHOCMD} ""
${ECHOCMD} "#################################################################################"
${ECHOCMD} ""
${ECHOCMD} ""
${ECHOCMD} "${BG_BLUE}Step 3 - Enable the timer${NORMAL}"
${ECHOCMD} ""
${ECHOCMD} "Tell systemd you made changes: systemctl daemon-reload"
${ECHOCMD} ""
${ECHOCMD} "Enable and start the timer (so no reboot is needed): systemctl enable --now lynis.timer"
${ECHOCMD} ""
${ECHOCMD} ""
${ECHOCMD} "${BG_BLUE}Optional - Customize${NORMAL}"
${ECHOCMD} ""
${ECHOCMD} "Want to override the timer? Run: systemctl edit lynis.timer"
${ECHOCMD} "Note: set the timer by first resetting it, then set the preferred value"
${ECHOCMD} ""
${ECHOCMD} "[Timer]"
${ECHOCMD} "OnCalendar="
${ECHOCMD} "OnCalendar=*-*-* 03:00:00"
${ECHOCMD} ""
;;
*) ${ECHOCMD} "Unknown argument '${RED}$1${NORMAL}' for lynis generate" ;;
esac
else

3
include/helper_show

@ -102,6 +102,9 @@ GENERATE_HELP="
Generate and save values
${WHITE}lynis generate hostids --save${NORMAL}
Generate systemd units to run Lynis on a schedule (e.g. daily)
${WHITE}lynis generate systemd-units${NORMAL}
"