New option: --usecwd to run from current working directory

CHANGELOG.md

@@ -27,6 +27,7 @@ measures to further tighten any possible misuse.
 - New function: Readonly - mark variable read-only (security)
 - New function: SafeFile - test file type and call permission check
 - New function: SafeInput - check for safe input (security)
+- New option: --usecwd - run from the current working directory
 - New profile option: disable-plugin - disables a single plugin
 - New profile option: ssl-certificate-paths-to-ignore - ignore a path
 - New test: CRYP-7930 - disk or file system encryption testing

include/functions

@@ -435,7 +435,11 @@
             DEFAULT_PROFILE=""
             PROFILEDIR=""
             tPROFILE_NAMES="default.prf custom.prf"
-            tPROFILE_TARGETS="/usr/local/etc/lynis /etc/lynis /usr/local/lynis ."
+            if [ ${USE_CWD} -eq 1 ]; then
+                tPROFILE_TARGETS="."
+            else
+                tPROFILE_TARGETS="/usr/local/etc/lynis /etc/lynis /usr/local/lynis ."
+            fi
             for PNAME in ${tPROFILE_NAMES}; do
                 for PLOC in ${tPROFILE_TARGETS}; do
                     # Only use one default.prf

include/parameters

@@ -414,6 +414,10 @@
                 UPLOAD_DATA=1
             ;;
 
+            --usecwd)
+                return
+            ;;
+
             --verbose)
                 VERBOSE=1
             ;;

lynis

@@ -77,15 +77,21 @@
     WORKDIR=$(pwd)
 
     # Test from which directories we can use all functions and tests
-    INCLUDEDIR=""
+    USE_CWD=0
-    tINCLUDE_TARGETS="/usr/local/include/lynis /usr/local/lynis/include /usr/share/lynis/include ./include"  # Default paths to check (CWD as last option, in case we run from standalone)
+    if case "$@" in *--usecwd*) true;; *) false;; esac; then
-    for I in ${tINCLUDE_TARGETS}; do
+        USE_CWD=1
-        if [ "${I}" = "./include" ]; then
+        INCLUDEDIR="./include"
-            if [ -d "${WORKDIR}/include" ]; then INCLUDEDIR="${WORKDIR}/include"; fi
+    else
-        elif [ -d ${I} -a -z "${INCLUDEDIR}" ]; then
+        INCLUDEDIR=""
-            INCLUDEDIR=${I}
+        tINCLUDE_TARGETS="/usr/local/include/lynis /usr/local/lynis/include /usr/share/lynis/include ./include"  # Default paths to check (CWD as last option, in case we run from standalone)
-        fi
+        for I in ${tINCLUDE_TARGETS}; do
-    done
+            if [ "${I}" = "./include" ]; then
+                if [ -d "${WORKDIR}/include" ]; then INCLUDEDIR="${WORKDIR}/include"; fi
+            elif [ -d ${I} -a -z "${INCLUDEDIR}" ]; then
+                INCLUDEDIR=${I}
+            fi
+        done
+    fi
 
     # Drop out if our include directory can't be found
     if [ -z "${INCLUDEDIR}" ]; then
@@ -94,14 +100,18 @@
     fi
 
     # Test for database directory
-    DBDIR=""; tDB_TARGETS="/usr/local/share/lynis/db /usr/local/lynis/db /usr/share/lynis/db ./db"
+    if [ ${USE_CWD} -eq 1 ]; then
-    for I in ${tDB_TARGETS}; do
+        DBDIR="./db"
-        if [ "${I}" = "./db" ]; then
+    else
-            if [ -d "${WORKDIR}/db" ]; then DBDIR="${WORKDIR}/db"; fi
+        DBDIR=""; tDB_TARGETS="/usr/local/share/lynis/db /usr/local/lynis/db /usr/share/lynis/db ./db"
-        elif [ -d ${I} -a -z "${DBDIR}" ]; then
+        for I in ${tDB_TARGETS}; do
-            DBDIR="${I}"
+            if [ "${I}" = "./db" ]; then
-        fi
+                if [ -d "${WORKDIR}/db" ]; then DBDIR="${WORKDIR}/db"; fi
-    done
+            elif [ -d ${I} -a -z "${DBDIR}" ]; then
+                DBDIR="${I}"
+            fi
+        done
+    fi
 #
 #################################################################################
 #