tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-28 16:24:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Improved templates and examples

Browse Source
This commit is contained in:
mboelen 2016-03-24 10:34:16 +01:00
parent c364fbe9b8
commit a3084da623
2 changed files with 124 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
include/tests_custom.template
View File

@ -5,67 +5,107 @@
# Here you could insert your own custom checks # Here you could insert your own custom checks
# #
# Tips: # Tips:
# - Make sure to use each test ID only once in Register function # - Make sure to use each test ID only once in Register function and prefix them with CUST
# - Use big steps in numbering, so you can easily put tests in between # - Use big steps in numbering, so you can easily put tests in between
# - Want to improve Lynis? Share your checks! # - Want to improve Lynis? Share your checks!
# #
################################################################################# #################################################################################
# #
# This has already been inserted, but you might reuse it to split your tests # Test : CUST-0001
# InsertSection "Custom Checks" # Description : We show some lines on the screen
# Register our first custom test
# We consider it to be a lightweight test (no heavy IO, or long searches), no network connection needed
Register --test-no CUST-0001 --weight L --network NO --description "A test case for colors and text display"
if [ ${SKIPTEST} -eq 0 ]; then
# The Display function makes it easy to show something on screen, with colors.
# --indent defines amount of spaces
# --text text to be displayed on screen
# --result text at end of line
# --color color of result text
Display --indent 2 --text "- Checking if everything is OK..." --result OK --color GREEN
Display --indent 4 --text "This shows one level deeper " --result NOTICE --color YELLOW
Display --indent 6 --text "And even deeper" --result WARNING --color RED
# Here we could add specific tests, like testing for a directory
# Most tests use the "if-then-else". If something is true, take one step, otherwise the other.
if [ -d /tmp ]; then
LogText "Result: we have a temporary directory"
else
LogText "Result: no temporary directory found"
fi
# Common examples to use:
# if [ -f /etc/file ]; then = Test if file exists
# if [ -d /var/run/mydirectory ]; then = Test if directory exists
# if [ ${MYVARIABLE} -eq 1 ]; then = Test if variable is set to 1
# if [ "${MYVARIABLE}" = "Value" ]; then = Test if variable is equal to specific value
if [ -f /etc/file ]; then
LogText "Result: Found file /etc/file"
elif [ -f /etc/file2 ]; then
LogText "Result: Found file /etc/file2"
else
LogText "Result: both /etc/file and /etc/file2 not found"
fi
# If a single value is stored in a variable, using case is effective.
case ${OS} in
# Only match one value
"Linux")
LogText "Found Linux"
Display --indent 2 --text "OS: Linux" --result OK --color GREEN
;;
# Matching several platforms
"FreeBSD"|"NetBSD"|"OpenBSD")
LogText "Found an operating system based on BSD"
Display --indent 2 --text "OS: *BSD" --result OK --color GREEN
# Catch-all for unknown values
*)
LogText "Did find another operating system"
;;
esac
# Show a warning on screen and in the report. We can specify a detail and how to solve it.
ReportWarning "${TEST_NO}" "Something was wrong and should be fixed" "/etc/motd" "text:Change your motd"
ReportSuggestion "${TEST_NO}" "Check if this process is running" "apache" "url:https://cisofy.com/support/"
fi
# #
################################################################################# #################################################################################
# #
# Test : CUST-0010 # Add a new section to screen output
# Author : Your name <e-mail address> InsertSection "Other Tests"
# Description : Check for something interesting - template #
# Notes : This test first checks if OpenSSL binary was found #################################################################################
#
# * Prerequisites Check # First check if OPENSSLBINARY is known as a prerequisite for this test.
# ----------------------- if [ ! "${OPENSSLBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
# Register --test-no CUST-0002 --preqs-met ${PREQS_MET} --weight M --network NO --description "Description of custom test"
# Check first if any dependency. If it doesn't meet, the test will be skipped after registration (SKIPTEST == 1)
#
# Examples:
# -f /etc/file = Test if file exists
# -d /var/run/mydirectory = Test if directory exists
# ${MYVARIABLE} -eq 1 = Test if variable is set to 1
# "${MYVARIABLE}" = "Value" = Test if variable is equal to specific value
if [ -f /etc/myfile ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
# * Registration of Test
# ------------------------
#
# Register the test, with custom ID CUST-0010, and only execute it when the prerequisites were met
Register --test-no CUST-0010 --preqs-met ${PREQS_MET} --weight L --network NO --description "Description of what this test does"
# Or we could use this test without any dependencies
# Register --test-no CUST-0010 --weight L --network NO --description "Description of what this test does"
# If everything is fine, perform test
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUNDPROBLEM=0
LogText "Test: checking something" DIR="/my/path"
if [ ${FOUND} -eq 0 ]; then LogText "Test: we are going to check if we can find a particular directory (${DIR})"
Display --indent 4 --text "- Performing custom test" --result OK --color GREEN # Check if a directory exists
LogText "Result: the test result looks great!" if [ -d ${DIR} ]; then
LogText "Result: log entry for easier debugging or additional information"
# Optional: create a suggestion after a specific finding
#ReportSuggestion "${TEST_NO}" "This is my suggestion to improve the system even further."
else else
Display --indent 4 --text "- Performing custom test" --result WARNING --color RED FOUNDPROBLEM=1
LogText "Result: this test had a bad result :(" LogText "Result: directory ${DIR} was not found!"
# Throw a warning to the screen and report ReportWarning "${TEST_NO}" "This is a test warning line" "${DIR}" "text:Create directory ${DIR}"
ReportWarning ${TEST_NO} "M" "This is a warning message" fi
if [ ${FOUNDPROBLEM} -eq 0 ]; then
Display --indent 2 --text "- Checking if everything is OK..." --result OK --color GREEN
else
Display --indent 2 --text "- Checking if everything is OK..." --result WARNING --color RED
ReportSuggestion ${TEST_NO} "This is a suggestion"
fi fi
fi fi
# #
################################################################################# #################################################################################
# #
# Wait for keypress (unless --quick is being used)
wait_for_keypress wait_for_keypress
# #

61
plugins/custom_plugin.template
View File

@ -1,11 +1,12 @@
#!/bin/sh #!/bin/sh
# -------------------------- CUT THIS SECTION --------------------------- # -------------------------- CUT THIS SECTION ---------------------------
# This is a template to create a personal plugin # This is a template to create a customized plugin
# #
# Each plugin should at least have several variables defined with the # Each plugin should at least have several variables defined with the
# prefix PLUGIN_* (see below) # prefix PLUGIN_* (see below)
# #
# To add a section header, use the InsertSection function (see below) # If you want to learn what functions you can use, check include/functions
# #
# -------------------------- CUT THIS SECTION --------------------------- # -------------------------- CUT THIS SECTION ---------------------------
@ -19,43 +20,59 @@
# PLUGIN_NAME=[plugin_name] # PLUGIN_NAME=[plugin_name]
# PLUGIN_REQUIRED_TESTS= # PLUGIN_REQUIRED_TESTS=
#----------------------------------------------------- #-----------------------------------------------------
#########################################################################
#
#
# #
######################################################################### #########################################################################
# #
# Add custom section to screen output # Add custom section to screen output
# InsertSection "Personal Plugin" InsertSection "Custom Plugin"
#
#################################################################################
#
# Test : CUST-0001
# Description : We show some lines on the screen
# Register our first custom test
# We consider it to be a lightweight test (no heavy IO, or long searches), no network connection needed
Register --test-no CUST-0001 --weight L --network NO --description "A test case for colors and text display"
if [ ${SKIPTEST} -eq 0 ]; then
# The Display function makes it easy to show something on screen, with colors.
# --indent defines amount of spaces
# --text text to be displayed on screen
# --result text at end of line
# --color color of result text
Display --indent 2 --text "- Checking if everything is OK..." --result OK --color GREEN
Display --indent 4 --text "This shows one level deeper " --result NOTICE --color YELLOW
Display --indent 6 --text "And even deeper" --result WARNING --color RED
# Show a warning on screen and in the report. We can specify a detail and how to solve it.
ReportWarning "${TEST_NO}" "Something was wrong and should be fixed" "/etc/motd" "text:Change your motd"
ReportSuggestion "${TEST_NO}" "Check if this process is running" "apache" "url:https://cisofy.com/support/"
fi
# #
################################################################################# #################################################################################
# #
# Test : CUS-0000
# Description : check for an ordinary directory!
# First check if OPENSSLBINARY is known as a prerequisite for this test. # First check if OPENSSLBINARY is known as a prerequisite for this test.
if [ ! -z "${OPENSSLBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! -z "${OPENSSLBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no CUS-0000 --preqs-met ${PREQS_MET} --weight L --network NO --description "Description of custom test" Register --test-no CUST-0001 --preqs-met ${PREQS_MET} --weight M --network NO --description "Description of custom test"
# Just do check without any prerequisites
Register --test-no CUS-0000 --weight L --network NO --description "Description of custom test"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUNDPROBLEM=0 FOUNDPROBLEM=0
DIR="/my/path"
LogText "Test: we are going to check if we can find a particular directory (${DIR})"
# Check if a directory exists # Check if a directory exists
if [ -d /my/path ]; then if [ -d ${DIR} ]; then
logtext "Result: log entry for easier debugging or additional information" LogText "Result: log entry for easier debugging or additional information"
else else
FOUNDPROBLEM=1 FOUNDPROBLEM=1
logtext "Result: problem found!" LogText "Result: directory ${DIR} was not found!"
ReportWarning ${TEST_NO} "M" "This is a test warning line" ReportWarning "${TEST_NO}" "This is a test warning line" "${DIR}" "text:Create directory ${DIR}"
fi fi
if [ ${FOUNDPROBLEM} -eq 0 ]; then if [ ${FOUNDPROBLEM} -eq 0 ]; then
Display --indent 2 --text "- Checking xxx..." --result OK --color GREEN Display --indent 2 --text "- Checking if everything is OK..." --result OK --color GREEN
else else
Display --indent 2 --text "- Checking xxx..." --result WARNING --color RED Display --indent 2 --text "- Checking if everything is OK..." --result WARNING --color RED
ReportSuggestion ${TEST_NO} "This is a suggestion" ReportSuggestion ${TEST_NO} "This is a suggestion"
ReportWarning ${TEST_NO} "M" "This is a medium level warning"
fi fi
fi fi
# #