tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-27 15:54:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

added TRBINARY + fix nftables check (#276)

Browse Source 
fixes #273
This commit is contained in:
BlueC0re 2016-09-06 20:58:30 +02:00 committed by Michael Boelen
parent 8c811778dd
commit a596bdc349
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/binaries
View File

@ -201,6 +201,7 @@
syslog-ng) SYSLOGNGFOUND=1; SYSLOGNGBINARY="${BINARY}"; SYSLOGNGVERSION=`${BINARY} -V 2>&1 | grep "^syslog-ng" | awk '{ print $2 }'`; LogText "Found ${BINARY} (version ${SYSLOGNGVERSION})" ;; syslog-ng) SYSLOGNGFOUND=1; SYSLOGNGBINARY="${BINARY}"; SYSLOGNGVERSION=`${BINARY} -V 2>&1 | grep "^syslog-ng" | awk '{ print $2 }'`; LogText "Found ${BINARY} (version ${SYSLOGNGVERSION})" ;;
systemctl) SYSTEMCTLFOUND=1; SYSTEMCTLBINARY="${BINARY}"; SERVICE_MANAGER="systemd"; LogText " Found known binary: systemctl (client to systemd) - ${BINARY}" ;; systemctl) SYSTEMCTLFOUND=1; SYSTEMCTLBINARY="${BINARY}"; SERVICE_MANAGER="systemd"; LogText " Found known binary: systemctl (client to systemd) - ${BINARY}" ;;
timedatectl) TIMEDATECTLFOUND=1; TIMEDATECTL="${BINARY}"; LogText " Found known binary: timedatectl (timedate client) - ${BINARY}" ;; timedatectl) TIMEDATECTLFOUND=1; TIMEDATECTL="${BINARY}"; LogText " Found known binary: timedatectl (timedate client) - ${BINARY}" ;;
tr) TRFOUND=1; TRBINARY="${BINARY}"; LogText " Found known binary: tr (text transformation) - ${BINARY}" ;;
tripwire) TRIPWIREFOUND=1; TRIPWIREBINARY="${BINARY}"; LogText " Found known binary: tripwire (file integrity) - ${BINARY}" ;; tripwire) TRIPWIREFOUND=1; TRIPWIREBINARY="${BINARY}"; LogText " Found known binary: tripwire (file integrity) - ${BINARY}" ;;
tune2fs) TUNE2FSFOUND=1; TUNE2FSBINARY="${BINARY}"; LogText " Found known binary: tune2fs (file system tool) - ${BINARY}" ;; tune2fs) TUNE2FSFOUND=1; TUNE2FSBINARY="${BINARY}"; LogText " Found known binary: tune2fs (file system tool) - ${BINARY}" ;;
vgdisplay) VGDISPLAYFOUND=1; VGDISPLAYBINARY="${BINARY}"; LogText " Found known binary: vgdisplay (LVM tool) - ${BINARY}" ;; vgdisplay) VGDISPLAYFOUND=1; VGDISPLAYBINARY="${BINARY}"; LogText " Found known binary: vgdisplay (LVM tool) - ${BINARY}" ;;

3
include/tests_firewalls
View File

@ -388,6 +388,7 @@
if [ ! -z "${FIND}" ]; then if [ ! -z "${FIND}" ]; then
LogText "Result: found nftables kernel module" LogText "Result: found nftables kernel module"
FIREWALL_SOFTWARE="nftables" FIREWALL_SOFTWARE="nftables"
FIREWALL_ACTIVE=1
NFTABLES_ACTIVE=1 NFTABLES_ACTIVE=1
Report "firewall_software[]=nftables" Report "firewall_software[]=nftables"
else else
@ -403,7 +404,7 @@
Register --test-no FIRE-4538 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check nftables basic configuration" Register --test-no FIRE-4538 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check nftables basic configuration"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Retrieve nft version # Retrieve nft version
NFT_VERSION=$(${NFTBINARY} --version 2> /dev/null | ${AWKBINARY} '{ if ($1=="nftables") { print $2 }}' | tr -d 'v') NFT_VERSION=$(${NFTBINARY} --version 2> /dev/null | ${AWKBINARY} '{ if ($1=="nftables") { print $2 }}' | ${TRBINARY} -d 'v')
Report "nft_version=${NFT_VERSION}" Report "nft_version=${NFT_VERSION}"
LogText "Result: found version ${NFT_VERSION} of nft" LogText "Result: found version ${NFT_VERSION} of nft"
fi fi