From a12876e472b0a75a95a13d2d1f295ca6fbcc51ee Mon Sep 17 00:00:00 2001
From: mboelen <michael@cisofy.com>
Date: Tue, 17 Mar 2015 18:06:00 +0100
Subject: [PATCH] Test for presence of CSF

---
 include/tests_firewalls | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/include/tests_firewalls b/include/tests_firewalls
index f88f3b96..227c8642 100644
--- a/include/tests_firewalls
+++ b/include/tests_firewalls
@@ -235,6 +235,23 @@
     # Description : Check ipchains
 #
 #################################################################################
+#
+    # Test        : FIRE-4524
+    # Description : Check for CSF (ConfigServer Security & Firewall)
+    Register --test-no FIRE-4524 --weight L --network NO --description "Check for CSF presence"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        logtext "Test: check /etc/csf/csf.conf"
+        if [ -f /etc/csf/csf.conf ]; then
+            logtext "Result: /etc/csf.conf exists"
+            FIREWALL_ACTIVE=1
+            FIREWALL_SOFTWARE="csf"
+            Display --indent 2 --text "- Checking CSF status (configuration file)" --result FOUND --color GREEN
+          else
+            logtext "Result: /etc/csf/csf.conf does NOT exist"
+        fi
+    fi
+#
+#################################################################################
 #
     # Test        : FIRE-4526
     # Description : Check ipf (Solaris)
@@ -267,10 +284,9 @@
         if [ ${FIREWALL_ACTIVE} -eq 1 ]; then
             Display --indent 2 --text "- Checking host based firewall" --result ACTIVE --color GREEN
             logtext "Result: host based firewall or packet filter is active"
-            #YYY add manual item to report
             report "manual[]=Verify if there is a formal process for testing and applying firewall rules"
-            report "manual[]=verify all traffic is filtered the right way between the different security zones"
-            report "manual[]=verify if a list is available with all required services"
+            report "manual[]=Verify all traffic is filtered the right way between the different security zones"
+            report "manual[]=Verify if a list is available with all required services"
             # YYY Solaris ipf (determine default policy)
             report "manual[]=Make sure an explicit deny all is the default policy for all unmatched traffic"
             AddHP 5 5
@@ -295,4 +311,4 @@ wait_for_keypress
 
 #
 #================================================================================
-# Lynis - Copyright 2007-2015, Michael Boelen - www.rootkit.nl - The Netherlands
+# Lynis - Copyright 2007-2015, Michael Boelen, CISOfy - https://cisofy.com