Test for presence of CSF

2015-03-17 18:06:00 +01:00 · 2015-03-17 18:06:00 +01:00 · a12876e472
parent 8201510d6a
commit a12876e472
1 changed files with 20 additions and 4 deletions
--- a/include/tests_firewalls
+++ b/include/tests_firewalls
@ -235,6 +235,23 @@
    # Description : Check ipchains
 #
 #################################################################################
+#
+    # Test        : FIRE-4524
+    # Description : Check for CSF (ConfigServer Security & Firewall)
+    Register --test-no FIRE-4524 --weight L --network NO --description "Check for CSF presence"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        logtext "Test: check /etc/csf/csf.conf"
+        if [ -f /etc/csf/csf.conf ]; then
+            logtext "Result: /etc/csf.conf exists"
+            FIREWALL_ACTIVE=1
+            FIREWALL_SOFTWARE="csf"
+            Display --indent 2 --text "- Checking CSF status (configuration file)" --result FOUND --color GREEN
+          else
+            logtext "Result: /etc/csf/csf.conf does NOT exist"
+        fi
+    fi
+#
+#################################################################################
 #
    # Test        : FIRE-4526
    # Description : Check ipf (Solaris)
@ -267,10 +284,9 @@
        if [ ${FIREWALL_ACTIVE} -eq 1 ]; then
            Display --indent 2 --text "- Checking host based firewall" --result ACTIVE --color GREEN
            logtext "Result: host based firewall or packet filter is active"
-            #YYY add manual item to report
            report "manual[]=Verify if there is a formal process for testing and applying firewall rules"
-            report "manual[]=verify all traffic is filtered the right way between the different security zones"
-            report "manual[]=verify if a list is available with all required services"
+            report "manual[]=Verify all traffic is filtered the right way between the different security zones"
+            report "manual[]=Verify if a list is available with all required services"
            # YYY Solaris ipf (determine default policy)
            report "manual[]=Make sure an explicit deny all is the default policy for all unmatched traffic"
            AddHP 5 5
@ -295,4 +311,4 @@ wait_for_keypress

 #
 #================================================================================
-# Lynis - Copyright 2007-2015, Michael Boelen - www.rootkit.nl - The Netherlands
+# Lynis - Copyright 2007-2015, Michael Boelen, CISOfy - https://cisofy.com