tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-26 15:24:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Test for presence of CSF

Browse Source
This commit is contained in:
mboelen 2015-03-17 18:06:00 +01:00
parent 8201510d6a
commit a12876e472
1 changed files with 20 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
include/tests_firewalls
View File

@ -235,6 +235,23 @@
# Description : Check ipchains # Description : Check ipchains
# #
################################################################################# #################################################################################
#
# Test : FIRE-4524
# Description : Check for CSF (ConfigServer Security & Firewall)
Register --test-no FIRE-4524 --weight L --network NO --description "Check for CSF presence"
if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: check /etc/csf/csf.conf"
if [ -f /etc/csf/csf.conf ]; then
logtext "Result: /etc/csf.conf exists"
FIREWALL_ACTIVE=1
FIREWALL_SOFTWARE="csf"
Display --indent 2 --text "- Checking CSF status (configuration file)" --result FOUND --color GREEN
else
logtext "Result: /etc/csf/csf.conf does NOT exist"
fi
fi
#
#################################################################################
# #
# Test : FIRE-4526 # Test : FIRE-4526
# Description : Check ipf (Solaris) # Description : Check ipf (Solaris)
@ -267,10 +284,9 @@
if [ ${FIREWALL_ACTIVE} -eq 1 ]; then if [ ${FIREWALL_ACTIVE} -eq 1 ]; then
Display --indent 2 --text "- Checking host based firewall" --result ACTIVE --color GREEN Display --indent 2 --text "- Checking host based firewall" --result ACTIVE --color GREEN
logtext "Result: host based firewall or packet filter is active" logtext "Result: host based firewall or packet filter is active"
#YYY add manual item to report
report "manual[]=Verify if there is a formal process for testing and applying firewall rules" report "manual[]=Verify if there is a formal process for testing and applying firewall rules"
report "manual[]=verify all traffic is filtered the right way between the different security zones" report "manual[]=Verify all traffic is filtered the right way between the different security zones"
report "manual[]=verify if a list is available with all required services" report "manual[]=Verify if a list is available with all required services"
# YYY Solaris ipf (determine default policy) # YYY Solaris ipf (determine default policy)
report "manual[]=Make sure an explicit deny all is the default policy for all unmatched traffic" report "manual[]=Make sure an explicit deny all is the default policy for all unmatched traffic"
AddHP 5 5 AddHP 5 5
@ -295,4 +311,4 @@ wait_for_keypress
# #
#================================================================================ #================================================================================
# Lynis - Copyright 2007-2015, Michael Boelen - www.rootkit.nl - The Netherlands # Lynis - Copyright 2007-2015, Michael Boelen, CISOfy - https://cisofy.com