Replace / with root directory

Michael Boelen 2016-08-15 20:00:54 +02:00
parent 242f91ab97
commit a0e289d73f
1 changed files with 31 additions and 31 deletions


@ -22,7 +22,7 @@
# #
################################################################################# #################################################################################
# #
AUDITD_CONF_LOCS="/etc /etc/audit" AUDITD_CONF_LOCS="${ROOTDIR}etc ${ROOTDIR}etc/audit"
AUDITD_CONF_FILE="" AUDITD_CONF_FILE=""
LINUX_AUDITD_RUNNING=0 LINUX_AUDITD_RUNNING=0
AUDIT_DAEMON_RUNNING=0 AUDIT_DAEMON_RUNNING=0
@ -34,7 +34,7 @@
# Description : Check availability FreeBSD accounting data # Description : Check availability FreeBSD accounting data
Register --test-no ACCT-2754 --os FreeBSD --weight L --network NO --category security --description "Check for available FreeBSD accounting information" Register --test-no ACCT-2754 --os FreeBSD --weight L --network NO --category security --description "Check for available FreeBSD accounting information"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ -f /var/account/acct ]; then if [ -f ${ROOTDIR}var/account/acct ]; then
Display --indent 2 --text "- Checking accounting information" --result "${STATUS_OK}" --color GREEN Display --indent 2 --text "- Checking accounting information" --result "${STATUS_OK}" --color GREEN
LogText "Result: /var/account/acct available" LogText "Result: /var/account/acct available"
AddHP 3 3 AddHP 3 3
@ -74,15 +74,15 @@
Register --test-no ACCT-9622 --os Linux --weight L --network NO --category security --description "Check for available Linux accounting information" Register --test-no ACCT-9622 --os Linux --weight L --network NO --category security --description "Check for available Linux accounting information"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Check accounting information" LogText "Test: Check accounting information"
if [ -f /var/account/pacct ]; then if [ -f ${ROOTDIR}var/account/pacct ]; then
Display --indent 2 --text "- Checking accounting information" --result "${STATUS_OK}" --color GREEN Display --indent 2 --text "- Checking accounting information" --result "${STATUS_OK}" --color GREEN
LogText "Result: /var/account/pacct available" LogText "Result: /var/account/pacct available"
AddHP 3 3 AddHP 3 3
elif [ -f /var/log/account/pacct ]; then elif [ -f ${ROOTDIR}var/log/account/pacct ]; then
Display --indent 2 --text "- Checking accounting information" --result "${STATUS_OK}" --color GREEN Display --indent 2 --text "- Checking accounting information" --result "${STATUS_OK}" --color GREEN
LogText "Result: /var/log/account/pacct available" LogText "Result: /var/log/account/pacct available"
AddHP 3 3 AddHP 3 3
elif [ -f /var/log/pacct ]; then elif [ -f ${ROOTDIR}var/log/pacct ]; then
Display --indent 2 --text "- Checking accounting information" --result "${STATUS_OK}" --color GREEN Display --indent 2 --text "- Checking accounting information" --result "${STATUS_OK}" --color GREEN
LogText "Result: /var/log/pacct available" LogText "Result: /var/log/pacct available"
AddHP 3 3 AddHP 3 3
@ -102,29 +102,29 @@
Register --test-no ACCT-9626 --os Linux --weight L --network NO --category security --description "Check for sysstat accounting data" Register --test-no ACCT-9626 --os Linux --weight L --network NO --category security --description "Check for sysstat accounting data"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: check /etc/default/sysstat presence" LogText "Test: check /etc/default/sysstat presence"
if [ -f /etc/default/sysstat ]; then if [ -f ${ROOTDIR}etc/default/sysstat ]; then
LogText "Result: /etc/default/sysstat found" LogText "Result: ${ROOTDIR}etc/default/sysstat found"
FIND=`grep "^ENABLED" /etc/default/sysstat | grep -i true` FIND=`grep "^ENABLED" ${ROOTDIR}etc/default/sysstat | grep -i true`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
LogText "Result: sysstat enabled via /etc/default/sysstat" LogText "Result: sysstat enabled via ${ROOTDIR}etc/default/sysstat"
Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_ENABLED}" --color GREEN Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_ENABLED}" --color GREEN
else else
LogText "Result: sysstat disabled via /etc/default/sysstat" LogText "Result: sysstat disabled via ${ROOTDIR}etc/default/sysstat"
Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_DISABLED}" --color WHITE Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_DISABLED}" --color WHITE
ReportSuggestion ${TEST_NO} "Enable sysstat to collect accounting (disabled)" ReportSuggestion ${TEST_NO} "Enable sysstat to collect accounting (disabled)"
fi fi
elif [ -f /etc/cron.d/sysstat ]; then elif [ -f ${ROOTDIR}etc/cron.d/sysstat ]; then
FIND=`grep -v '^[[:space:]]*\(#\|$\)' /etc/cron.d/sysstat` FIND=`grep -v '^[[:space:]]*\(#\|$\)' ${ROOTDIR}etc/cron.d/sysstat`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
LogText "Result: sysstat enabled via /etc/cron.d/sysstat" LogText "Result: sysstat enabled via ${ROOTDIR}etc/cron.d/sysstat"
Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_ENABLED}" --color GREEN Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_ENABLED}" --color GREEN
else else
LogText "Result: sysstat disabled via /etc/cron.d/sysstat" LogText "Result: sysstat disabled via ${ROOTDIR}etc/cron.d/sysstat"
Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_DISABLED}" --color WHITE Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_DISABLED}" --color WHITE
ReportSuggestion ${TEST_NO} "Enable sysstat to collect accounting (cron disabled)" ReportSuggestion ${TEST_NO} "Enable sysstat to collect accounting (cron disabled)"
fi fi
else else
LogText "Result: sysstat not found via /etc/default/sysstat or /etc/cron.d/sysstat" LogText "Result: sysstat not found via ${ROOTDIR}etc/default/sysstat or /etc/cron.d/sysstat"
Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_NOT_FOUND}" --color YELLOW Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_NOT_FOUND}" --color YELLOW
ReportSuggestion ${TEST_NO} "Enable sysstat to collect accounting (no results)" ReportSuggestion ${TEST_NO} "Enable sysstat to collect accounting (no results)"
fi fi
@ -245,13 +245,13 @@
# Description : Check for Snoopy (wrapper for execve() and logger) # Description : Check for Snoopy (wrapper for execve() and logger)
Register --test-no ACCT-9636 --os Linux --weight L --network NO --category security --description "Check for Snoopy wrapper and logger" Register --test-no ACCT-9636 --os Linux --weight L --network NO --category security --description "Check for Snoopy wrapper and logger"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FILE="/lib/snoopy.so" FILE="${ROOTDIR}lib/snoopy.so"
if [ -f ${FILE} ]; then if [ -f ${FILE} ]; then
LogText "Result: found ${FILE}" LogText "Result: found ${FILE}"
Display --indent 2 --text "- Checking Snoopy" --result "${STATUS_FOUND}" --color GREEN Display --indent 2 --text "- Checking Snoopy" --result "${STATUS_FOUND}" --color GREEN
if [ -f /etc/ld.so.preload ]; then if [ -f ${ROOTDIR}etc/ld.so.preload ]; then
LogText "Result: found /etc/ld.so.preload, testing if snoopy.so is listed" LogText "Result: found ${ROOTDIR}etc/ld.so.preload, testing if snoopy.so is listed"
FIND=`grep ${FILE} /etc/ld.so.preload` FIND=`grep ${FILE} ${ROOTDIR}etc/ld.so.preload`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
LogText "Result: found snoopy in ld.so.preload" LogText "Result: found snoopy in ld.so.preload"
LogText "Output: ${FIND}" LogText "Output: ${FIND}"
@ -263,7 +263,7 @@
AddHP 3 3 AddHP 3 3
fi fi
else else
LogText "Result: /etc/ld.so.preload does not exist" LogText "Result: ${ROOTDIR}etc/ld.so.preload does not exist"
Display --indent 6 --text "- Library in ld.so.preload" --result "${STATUS_UNKNOWN}" --color PURPLE Display --indent 6 --text "- Library in ld.so.preload" --result "${STATUS_UNKNOWN}" --color PURPLE
ReportException "${TEST_NO}:1" "Unsure how Snoopy might be loaded as ld.so.preload does not exist" ReportException "${TEST_NO}:1" "Unsure how Snoopy might be loaded as ld.so.preload does not exist"
fi fi
@ -314,17 +314,17 @@
if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no ACCT-9654 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check BSM auditing in /etc/system" Register --test-no ACCT-9654 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check BSM auditing in /etc/system"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: check if BSM is enabled in /etc/system" LogText "Test: check if BSM is enabled in ${ROOTDIR}etc/system"
if [ -f /etc/system ]; then if [ -f ${ROOTDIR}etc/system ]; then
FIND=`grep 'set c2audit:audit_load = 1' /etc/system` FIND=`grep 'set c2audit:audit_load = 1' ${ROOTDIR}etc/system`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
LogText "Result: BSM is enabled in /etc/system" LogText "Result: BSM is enabled in ${ROOTDIR}etc/system"
Display --indent 4 --text "- Checking Solaris BSM (/etc/system)" --result "${STATUS_ENABLED}" --color GREEN Display --indent 4 --text "- Checking Solaris BSM (${ROOTDIR}etc/system)" --result "${STATUS_ENABLED}" --color GREEN
else else
Display --indent 4 --text "- Checking Solaris BSM (/etc/system)" --result "${STATUS_NOT_FOUND}" --color YELLOW Display --indent 4 --text "- Checking Solaris BSM (${ROOTDIR}etc/system)" --result "${STATUS_NOT_FOUND}" --color YELLOW
fi fi
else else
LogText "Result: /etc/system does not exist" LogText "Result: ${ROOTDIR}etc/system does not exist"
fi fi
fi fi
# #
@ -358,9 +358,9 @@
Register --test-no ACCT-9660 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check location of audit events" Register --test-no ACCT-9660 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check location of audit events"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: check /etc/security/audit_control for event logging location" LogText "Test: check /etc/security/audit_control for event logging location"
if [ -f /etc/security/audit_control ]; then if [ -f ${ROOTDIR}etc/security/audit_control ]; then
LogText "Result: file /etc/security/audit_control found" LogText "Result: file ${ROOTDIR}etc/security/audit_control found"
FIND=`grep "^dir" /etc/security/audit_control | ${AWKBINARY} -F: '{ print $2 }'` FIND=`grep "^dir" ${ROOTDIR}etc/security/audit_control | ${AWKBINARY} -F: '{ print $2 }'`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
LogText "Result: found location ${FIND}" LogText "Result: found location ${FIND}"
LogText "Test: Checking if location is a valid directory" LogText "Test: Checking if location is a valid directory"
@ -378,7 +378,7 @@
ReportSuggestion "${TEST_NO}" "Check if the Solaris audit directory is properly configured" ReportSuggestion "${TEST_NO}" "Check if the Solaris audit directory is properly configured"
fi fi
else else
LogText "Result: could not find /etc/security/audit_control" LogText "Result: could not find ${ROOTDIR}etc/security/audit_control"
Display --indent 4 --text "- Checking Solaris audit location" --result "${STATUS_SKIPPED}" --color YELLOW Display --indent 4 --text "- Checking Solaris audit location" --result "${STATUS_SKIPPED}" --color YELLOW
fi fi
fi fi
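Review bot: In the ACCT-9636 (Snoopy) hunk, `FILE` now carries the `${ROOTDIR}` prefix and is reused as the grep pattern against `${ROOTDIR}etc/ld.so.preload`, so with any ROOTDIR other than `/` the pattern is a host-side path that a preload file inside the audited tree would presumably never contain, and the check would report the library as not listed. Keep the root-relative path for the match, for example `FIND=$(grep -F -- "/lib/snoopy.so" "${ROOTDIR}etc/ld.so.preload")`; `-F` also stops the dots in the file name from acting as regex wildcards. The new `${ROOTDIR}` expansions in the `[ -f … ]` tests and grep arguments across the file are unquoted, so a root path containing whitespace or glob characters would be split or expanded; quoting them, as in `[ -f "${ROOTDIR}etc/system" ]`, avoids that. The log strings are only partly converted (the ACCT-9626 "not found" message mixes `${ROOTDIR}etc/default/sysstat` with a bare `/etc/cron.d/sysstat`), which leaves the report ambiguous about which tree was inspected. The Snoopy test body continues outside the hunk.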