mirror of
https://github.com/CISOfy/lynis.git
synced 2025-07-24 22:34:33 +02:00
Added firewall_software[] to report
This commit is contained in:
mboelen
parent
84d619852a
commit
b453190cd7
@ -91,6 +91,7 @@
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
if [ ${IPTABLES_ACTIVE} -eq 1 ]; then Report "firewall_software[]=iptables"; fi
|
||||||
fi
|
fi
|
||||||
#
|
#
|
||||||
#################################################################################
|
#################################################################################
|
||||||
@ -246,6 +247,7 @@
|
|||||||
if [ ${PFFOUND} -eq 1 ]; then
|
if [ ${PFFOUND} -eq 1 ]; then
|
||||||
FIREWALL_ACTIVE=1
|
FIREWALL_ACTIVE=1
|
||||||
FIREWALL_SOFTWARE="pf"
|
FIREWALL_SOFTWARE="pf"
|
||||||
|
Report "firewall_software[]=pf"
|
||||||
else
|
else
|
||||||
LogText "Result: pf not running on this system"
|
LogText "Result: pf not running on this system"
|
||||||
fi
|
fi
|
||||||
@ -295,6 +297,7 @@
|
|||||||
LogText "Result: ${FILE} exists"
|
LogText "Result: ${FILE} exists"
|
||||||
FIREWALL_ACTIVE=1
|
FIREWALL_ACTIVE=1
|
||||||
FIREWALL_SOFTWARE="csf"
|
FIREWALL_SOFTWARE="csf"
|
||||||
|
Report "firewall_software[]=csf"
|
||||||
Display --indent 2 --text "- Checking CSF status (configuration file)" --result FOUND --color GREEN
|
Display --indent 2 --text "- Checking CSF status (configuration file)" --result FOUND --color GREEN
|
||||||
else
|
else
|
||||||
LogText "Result: ${FILE} does NOT exist"
|
LogText "Result: ${FILE} does NOT exist"
|
||||||
@ -314,6 +317,7 @@
|
|||||||
LogText "Result: ipf is enabled and running"
|
LogText "Result: ipf is enabled and running"
|
||||||
FIREWALL_ACTIVE=1
|
FIREWALL_ACTIVE=1
|
||||||
FIREWALL_SOFTWARE="ipf"
|
FIREWALL_SOFTWARE="ipf"
|
||||||
|
Report "firewall_software[]=ipf"
|
||||||
else
|
else
|
||||||
Display --indent 4 --text "- Checking ipf status" --result "NOT RUNNING" --color YELLOW
|
Display --indent 4 --text "- Checking ipf status" --result "NOT RUNNING" --color YELLOW
|
||||||
LogText "Result: ipf is not running"
|
LogText "Result: ipf is not running"
|
||||||
@ -334,6 +338,7 @@
|
|||||||
LogText "Result: IPFW is running for IPv4"
|
LogText "Result: IPFW is running for IPv4"
|
||||||
FIREWALL_ACTIVE=1
|
FIREWALL_ACTIVE=1
|
||||||
FIREWALL_SOFTWARE="ipfw"
|
FIREWALL_SOFTWARE="ipfw"
|
||||||
|
Report "firewall_software[]=ipfw"
|
||||||
IPFW_ENABLED=`service -e | grep -o ipfw`
|
IPFW_ENABLED=`service -e | grep -o ipfw`
|
||||||
if [ "${IPFW_ENABLED}" = "ipfw" ]; then
|
if [ "${IPFW_ENABLED}" = "ipfw" ]; then
|
||||||
Display --indent 4 --text "- IPFW enabled in /etc/rc.conf" --result YES --color GREEN
|
Display --indent 4 --text "- IPFW enabled in /etc/rc.conf" --result YES --color GREEN
|
||||||
@ -384,6 +389,7 @@
|
|||||||
if [ ! "${FIND}" = "" ]; then
|
if [ ! "${FIND}" = "" ]; then
|
||||||
FIREWALL_SOFTWARE="nftables"
|
FIREWALL_SOFTWARE="nftables"
|
||||||
NFTABLES_ACTIVE=1
|
NFTABLES_ACTIVE=1
|
||||||
|
Report "firewall_software[]=nftables"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
#
|
#
|
||||||
@ -396,7 +402,7 @@
|
|||||||
if [ ${SKIPTEST} -eq 0 ]; then
|
if [ ${SKIPTEST} -eq 0 ]; then
|
||||||
# Retrieve nft version
|
# Retrieve nft version
|
||||||
NFT_VERSION=`${NFTBINARY} --version 2> /dev/null | ${AWKBINARY} '{ if ($1=="nftables") { print $2 }}' | tr -d 'v'`
|
NFT_VERSION=`${NFTBINARY} --version 2> /dev/null | ${AWKBINARY} '{ if ($1=="nftables") { print $2 }}' | tr -d 'v'`
|
||||||
report "nft_version=${NFT_VERSION}"
|
Report "nft_version=${NFT_VERSION}"
|
||||||
|
|
||||||
# Check for empty ruleset
|
# Check for empty ruleset
|
||||||
NFT_RULES_LENGTH=`${NFTBINARY} export json 2> /dev/null | wc -c`
|
NFT_RULES_LENGTH=`${NFTBINARY} export json 2> /dev/null | wc -c`
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user