tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-29 00:34:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update tests_firewalls

Browse Source
This commit is contained in:
nser77 2024-10-14 15:58:14 +02:00 committed by GitHub
parent 06b220e503
commit ade45301a8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 23 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
include/tests_firewalls
View File

@ -114,9 +114,9 @@
do do
${IPTABLESBINARY} -t "${IPTABLES_TABLE}" --list-rules --wait 1 2>/dev/zero | ${IPTABLESBINARY} -t "${IPTABLES_TABLE}" --list-rules --wait 1 2>/dev/zero |
{ {
while IFS="$(printf '\n')" read -r IPTABLES_OUTPUT_LINE while IFS="$(printf '\n')" read -r IPTABLES_LINES
do do
set -- ${IPTABLES_OUTPUT_LINE} set -- ${IPTABLES_LINES}
while [ $# -gt 0 ] while [ $# -gt 0 ]
do do
if [ "${1}" = "-P" ] if [ "${1}" = "-P" ]
@ -137,26 +137,29 @@
fi fi
done done
# logics # logics
if [ "${IPTABLES_TABLE}" = "filter" ] || [ "${IPTABLES_TABLE}" = "security" ] if [ ! "${IPTABLES_TABLE}" = "" ] && [ ! "${IPTABLES_CHAIN}" = "" ] && [ ! "${IPTABLES_TARGET}" = "" ]
then then
if [ "${IPTABLES_CHAIN}" = "INPUT" ] if [ "${IPTABLES_TABLE}" = "filter" ] || [ "${IPTABLES_TABLE}" = "security" ]
then then
if [ "${IPTABLES_TARGET}" = "ACCEPT" ] if [ "${IPTABLES_CHAIN}" = "INPUT" ]
then then
IPTABLES_OUTPUT_QUEUE="${IPTABLES_OUTPUT_QUEUE}\n${IPTABLES_TABLE} ${IPTABLES_CHAIN} ${IPTABLES_TARGET} YELLOW" if [ "${IPTABLES_TARGET}" = "ACCEPT" ]
AddHP 1 3 then
elif [ "${IPTABLES_TARGET}" = "DROP" ] IPTABLES_OUTPUT_QUEUE="${IPTABLES_OUTPUT_QUEUE}\n${IPTABLES_TABLE} ${IPTABLES_CHAIN} ${IPTABLES_TARGET} YELLOW"
then AddHP 1 3
IPTABLES_OUTPUT_QUEUE="${IPTABLES_OUTPUT_QUEUE}\n${IPTABLES_TABLE} ${IPTABLES_CHAIN} ${IPTABLES_TARGET} GREEN" elif [ "${IPTABLES_TARGET}" = "DROP" ]
AddHP 3 3 then
IPTABLES_OUTPUT_QUEUE="${IPTABLES_OUTPUT_QUEUE}\n${IPTABLES_TABLE} ${IPTABLES_CHAIN} ${IPTABLES_TARGET} GREEN"
AddHP 3 3
fi
fi fi
fi if [ "${IPTABLES_CHAIN}" = "INPUT" ] || [ "${IPTABLES_CHAIN}" = "FORWARD" ] || [ "${IPTABLES_CHAIN}" = "OUTPUT" ]
if [ "${IPTABLES_CHAIN}" = "INPUT" ] || [ "${IPTABLES_CHAIN}" = "FORWARD" ] || [ "${IPTABLES_CHAIN}" = "OUTPUT" ]
then
if [ "${IPTABLES_TARGET}" = "NFQUEUE" ]
then then
IPTABLES_OUTPUT_QUEUE="${IPTABLES_OUTPUT_QUEUE}\n${IPTABLES_TABLE} ${IPTABLES_CHAIN} ${IPTABLES_TARGET} RED" if [ "${IPTABLES_TARGET}" = "NFQUEUE" ]
AddHP 0 3 then
IPTABLES_OUTPUT_QUEUE="${IPTABLES_OUTPUT_QUEUE}\n${IPTABLES_TABLE} ${IPTABLES_CHAIN} ${IPTABLES_TARGET} RED"
AddHP 0 3
fi
fi fi
fi fi
fi fi
@ -185,8 +188,11 @@
fi fi
done done
} }
unset IPTABLES_TABLE
done done
unset IPTABLES_TABLES
fi fi
unset PREQS_MET
# #
################################################################################# #################################################################################
# #