tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Corrected requirements to run tests

This commit is contained in:
Michael Boelen 2020-03-25 19:33:55 +01:00
parent daa9c42ec0
commit b8cdb04772
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
1 changed files with 4 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
include/tests_time
View File

@ -81,7 +81,7 @@
fi fi
# Check for OpenNTPD, ntpctl comes with a "regular" install # Check for OpenNTPD, ntpctl comes with a "regular" install
if [ -n ${NTPCTLBINARY} ]; then if [ -n "${NTPCTLBINARY}" ]; then
# In contrast to timectl, "synchronised: yes" is not grepped. # In contrast to timectl, "synchronised: yes" is not grepped.
# Reason: openntpd syncs only if large time corrections are not required or -s is passed. # Reason: openntpd syncs only if large time corrections are not required or -s is passed.
# This might be not intended by the administrator (-s is NOT the default!) # This might be not intended by the administrator (-s is NOT the default!)
@ -526,14 +526,12 @@
# #
# Test : TIME-3180 # Test : TIME-3180
# Description : Report if ntpctl cannot communicate with OpenNTPD # Description : Report if ntpctl cannot communicate with OpenNTPD
if [ "${NTPD_RUNNING}" -eq 1 ] && [ -n "${NTPCTLBINARY}" ] && [ "${NTP_DAEMON}" == "openntpd" ]; then if [ "${NTPD_RUNNING}" -eq 1 ] && [ -n "${NTPCTLBINARY}" ] && [ "${NTP_DAEMON}" == "openntpd" ]; then
PREQS_MET="YES" PREQS_MET="YES"
else else
PREQS_MET="NO" PREQS_MET="NO"
fi fi
Register --test-no TIME-3180 --preqs-met "${PREQS_MET}" --weight L --network NO --category security --description "Report if ntpctl cannot communicate with OpenNTPD"
Register --test-no TIME-3180 --weight L --network NO --category security --description "Report if ntpctl cannot communicate with OpenNTPD"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ "${OPENNTPD_COMMUNICATION}" -eq 0 ]; then if [ "${OPENNTPD_COMMUNICATION}" -eq 0 ]; then
ReportWarning "${TEST_NO}" "OpenNTPD found, but ntpctl cannot communicate with" "${NTPCTLBINARY} -s status" "Restart OpenNTPD" ReportWarning "${TEST_NO}" "OpenNTPD found, but ntpctl cannot communicate with" "${NTPCTLBINARY} -s status" "Restart OpenNTPD"
@ -544,14 +542,13 @@
# #
# Test : TIME-3181 # Test : TIME-3181
# Description : Check status of OpenNTPD time synchronisation # Description : Check status of OpenNTPD time synchronisation
if [ "${NTPD_RUNNING}" -eq 1 ] && [ -n "${NTPCTLBINARY}" ] && [ "${NTP_DAEMON}" == "openntpd" ] && [ "${OPENNTPD_COMMUNICATION}" -eq 1 ]; then if [ "${NTPD_RUNNING}" -eq 1 ] && [ -n "${NTPCTLBINARY}" ] && [ "${NTP_DAEMON}" == "openntpd" ] && [ "${OPENNTPD_COMMUNICATION}" -eq 1 ]; then
PREQS_MET="YES" PREQS_MET="YES"
else else
PREQS_MET="NO" PREQS_MET="NO"
fi fi
Register --test-no TIME-3181 --weight L --network NO --category security --description "Check status of OpenNTPD time synchronisation" Register --test-no TIME-3181 --preqs-met "${PREQS_MET}" --weight L --network NO --category security --description "Check status of OpenNTPD time synchronisation"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND=$(${NTPCTLBINARY} -s status | ${GREPBINARY} "clock synced" ) FIND=$(${NTPCTLBINARY} -s status | ${GREPBINARY} "clock synced" )
if [ -z "${FIND}" ]; then if [ -z "${FIND}" ]; then
@ -570,7 +567,7 @@
PREQS_MET="NO" PREQS_MET="NO"
fi fi
Register --test-no TIME-3182 --weight L --network NO --category security --description "Check OpenNTPD has working peers" Register --test-no TIME-3182 --preqs-met "${PREQS_MET}" --weight L --network NO --category security --description "Check OpenNTPD has working peers"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Format is "xx/yy peers valid, ..." # Format is "xx/yy peers valid, ..."
FIND=$(${NTPCTLBINARY} -s status | ${EGREPBINARY} -o "[0-9]{1,4}/" | ${EGREPBINARY} -o "[0-9]{1,4}" ) FIND=$(${NTPCTLBINARY} -s status | ${EGREPBINARY} -o "[0-9]{1,4}/" | ${EGREPBINARY} -o "[0-9]{1,4}" )