tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

New option: --usecwd to run from current working directory

This commit is contained in:
Michael Boelen 2019-07-25 11:34:58 +02:00
parent 022f427a69
commit b384fa2887
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
4 changed files with 37 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -27,6 +27,7 @@ measures to further tighten any possible misuse.
- New function: Readonly - mark variable read-only (security) - New function: Readonly - mark variable read-only (security)
- New function: SafeFile - test file type and call permission check - New function: SafeFile - test file type and call permission check
- New function: SafeInput - check for safe input (security) - New function: SafeInput - check for safe input (security)
- New option: --usecwd - run from the current working directory
- New profile option: disable-plugin - disables a single plugin - New profile option: disable-plugin - disables a single plugin
- New profile option: ssl-certificate-paths-to-ignore - ignore a path - New profile option: ssl-certificate-paths-to-ignore - ignore a path
- New test: CRYP-7930 - disk or file system encryption testing - New test: CRYP-7930 - disk or file system encryption testing

4
include/functions
View File

@ -435,7 +435,11 @@
DEFAULT_PROFILE="" DEFAULT_PROFILE=""
PROFILEDIR="" PROFILEDIR=""
tPROFILE_NAMES="default.prf custom.prf" tPROFILE_NAMES="default.prf custom.prf"
if [ ${USE_CWD} -eq 1 ]; then
tPROFILE_TARGETS="."
else
tPROFILE_TARGETS="/usr/local/etc/lynis /etc/lynis /usr/local/lynis ." tPROFILE_TARGETS="/usr/local/etc/lynis /etc/lynis /usr/local/lynis ."
fi
for PNAME in ${tPROFILE_NAMES}; do for PNAME in ${tPROFILE_NAMES}; do
for PLOC in ${tPROFILE_TARGETS}; do for PLOC in ${tPROFILE_TARGETS}; do
# Only use one default.prf # Only use one default.prf

4
include/parameters
View File

@ -414,6 +414,10 @@
UPLOAD_DATA=1 UPLOAD_DATA=1
;; ;;
--usecwd)
return
;;
--verbose) --verbose)
VERBOSE=1 VERBOSE=1
;; ;;

10
lynis
View File

@ -77,6 +77,11 @@
WORKDIR=$(pwd) WORKDIR=$(pwd)
# Test from which directories we can use all functions and tests # Test from which directories we can use all functions and tests
USE_CWD=0
if case "$@" in *--usecwd*) true;; *) false;; esac; then
USE_CWD=1
INCLUDEDIR="./include"
else
INCLUDEDIR="" INCLUDEDIR=""
tINCLUDE_TARGETS="/usr/local/include/lynis /usr/local/lynis/include /usr/share/lynis/include ./include" # Default paths to check (CWD as last option, in case we run from standalone) tINCLUDE_TARGETS="/usr/local/include/lynis /usr/local/lynis/include /usr/share/lynis/include ./include" # Default paths to check (CWD as last option, in case we run from standalone)
for I in ${tINCLUDE_TARGETS}; do for I in ${tINCLUDE_TARGETS}; do
@ -86,6 +91,7 @@
INCLUDEDIR=${I} INCLUDEDIR=${I}
fi fi
done done
fi
# Drop out if our include directory can't be found # Drop out if our include directory can't be found
if [ -z "${INCLUDEDIR}" ]; then if [ -z "${INCLUDEDIR}" ]; then
@ -94,6 +100,9 @@
fi fi
# Test for database directory # Test for database directory
if [ ${USE_CWD} -eq 1 ]; then
DBDIR="./db"
else
DBDIR=""; tDB_TARGETS="/usr/local/share/lynis/db /usr/local/lynis/db /usr/share/lynis/db ./db" DBDIR=""; tDB_TARGETS="/usr/local/share/lynis/db /usr/local/lynis/db /usr/share/lynis/db ./db"
for I in ${tDB_TARGETS}; do for I in ${tDB_TARGETS}; do
if [ "${I}" = "./db" ]; then if [ "${I}" = "./db" ]; then
@ -102,6 +111,7 @@
DBDIR="${I}" DBDIR="${I}"
fi fi
done done
fi
# #
################################################################################# #################################################################################
# #