Migrate to new options, including skip-plugins

2016-07-05 17:26:27 +02:00 · 2016-07-05 17:26:27 +02:00 · bac442c6fe
parent 75786a1c80
commit bac442c6fe
6 changed files with 82 additions and 73 deletions
--- a/default.prf
+++ b/default.prf
@ -1,11 +1,24 @@
 #################################################################################
 #
+#
 # Lynis - Scan Profile (default)
 #
 # This is the default profile and contains default values.
 #
-# Do not change this file directly. Instead copy over the settings you need
-# to a new file (custom.prf) and keep it tidy.
+#
+#################################################################################
+#
+#
+# SUGGESTION
+# ----------
+#
+# Do NOT make changes to this file, instead copy your preferred settings to
+# custom.prf and put it in the same directory as default.prf
+#
+# To discover where your profiles are located: lynis show profiles
+#
+#
+#################################################################################
 #
 # All empty lines or with the # prefix will be skipped
 #
@ -14,37 +27,53 @@
 #
 #################################################################################

+
+# Show non-zero exit code when warnings are found
+error-on-warnings=no
+
+# Use Lynis in your own language (available languages: en fr nl)
+language=en
+
+# Defines the role of the system (desktop, server)
+machine-role=server
+
 # Profile name, will be used as title/description
 profile-name=Default Audit Template

 # Number of seconds to pause between every test (0 is no pause)
 pause-between-tests=0

-#################################################################################
-#
-# Testing options
-# ---------------
-#
-#################################################################################
+# Enable quick mode (no waiting for keypresses, same as --quick option)
+quick=no

-# ** Scan type **
-#
-# Description: How deep the audit should be
-# Values: light, normal or full (default)
-#
+# Show inline tips about the tool
+show-tool-tips=yes
+
+# Skip plugins
+skip-plugins=no
+
+# Skip a test (one per line)
+#skip-test=SSH-7408
+
+# Skip a particular option within a test (when applicable)
+#skip-test=SSH-7408:loglevel
+#skip-test=SSH-7408:permitrootlogin
+
+# Scan type - how deep the audit should be (light, normal or full)
 test-scan-mode=full

-# ** Skip one or more specific tests **
-# (always ignores scan mode and will make sure the test is skipped)
-#
-# config:test_skip_always:AAAA-1234 BBBB-5678 CCCC-9012:

-# ** Define machine role **
+#################################################################################
 #
-# Description: defines the role of the system
-# Values: desktop, server (default)
+# SUGGESTION
+# ----------
 #
-machine-role=server
+# Do NOT make changes to this file, instead copy your preferred settings to
+# custom.prf and put it in the same directory as default.prf
+#
+# To discover where your profiles are located:  lynis show profiles
+#
+#################################################################################

 #################################################################################
 #
@ -85,6 +114,15 @@ plugin=systemd
 plugin=users


+
+
+#################################################################################
+#
+# Configuration (Old Style) - will be replaced in phases
+#
+#################################################################################
+
+
 #################################################################################
 #
 # Kernel options
@ -374,45 +412,5 @@ license-key=
 config:compliance_standards:cis,hipaa,iso27001,pci-dss:


-#################################################################################
-#
-# Configuration (New Style)
-#
-#################################################################################
-
-# Show non-zero exit code when warnings are found
-error-on-warnings=no
-
-# Use Lynis in your own language (available languages: en fr nl)
-language=en
-
-# Enable quick mode (no waiting for keypresses, same as --quick option)
-quick=no
-
-# Show inline tips about the tool
-show-tool-tips=yes
-
-# Skip plugins
-skip-plugins=no
-
-# Skip a test (one per line)
-#skip-test=SSH-7408
-
-# Skip a particular option within a test (when applicable)
-#skip-test=SSH-7408:loglevel
-#skip-test=SSH-7408:permitrootlogin
-
-
-#################################################################################
-#
-# SUGGESTION
-# ----------
-#
-# Do NOT make changes to this file, instead copy your preferred settings to
-# custom.prf and put it in the same directory as default.prf
-#
-# To discover where your profiles are located:  lynis show profiles
-#
-#################################################################################

 #EOF
--- a/include/consts
+++ b/include/consts
@ -153,7 +153,6 @@ unset LANG
    RKHUNTERBINARY=""
    RPMBINARY=""
    RUN_HELPERS=0
-    RUN_PLUGINS=1
    RUN_TESTS=1
    SAMHAINBINARY=""
    SCAN_TEST_HEAVY=""; SCAN_TEST_MEDIUM=""; SCAN_TEST_LOW=""
@ -166,6 +165,7 @@ unset LANG
    SHOW_PROGRAM_DETAILS=1
    SHOW_REPORT=1
    SHOW_WARNINGS_ONLY=0
+    SKIP_PLUGINS=0
    SKIP_TESTS=""
    SKIPPED_TESTS_ROOTONLY=""
    SSHKEYSCANBINARY=""
--- a/include/helper_show
+++ b/include/helper_show
@ -209,6 +209,8 @@ if [ $# -gt 0 ]; then
                    if [ ${BRIEF_OUTPUT} -eq 0 ]; then ${ECHOCMD} ""; fi
                fi
            done
+            if [ ${BRIEF_OUTPUT} -eq 0 ]; then DisplayToolTip "add --brief to show just the settings, --nocolors to remove colors"; fi
+
            ;;
        "tests")
            if [ $# -gt 0 ]; then
--- a/include/profiles
+++ b/include/profiles
@ -171,7 +171,7 @@
                # How much seconds to wait between tests
                pause_between_tests | pause-between-tests)
                    TEST_PAUSE_TIME="${VALUE}"
-                    AddSetting "pause-between-tests" "${TEST_PAUSE_TIME}" "Pause between tests"
+                    AddSetting "pause-between-tests" "${TEST_PAUSE_TIME}" "Pause between tests (in seconds)"
                ;;

                # Plugin
@ -196,29 +196,38 @@

                # Quick (no waiting for keypresses)
                quick)
-                    FIND=`echo "${VALUE}" | egrep "^(1|yes)"` && QUICKMODE=1
-                    Debug "Quickmode set to ${QUICKMODE}"
+                    # Quick mode (SKIP_PLUGINS) might already be set outside profile, so store in different variable
+                    SETTING_QUICK_MODE=0 # default is no
+                    FIND=`echo "${VALUE}" | egrep "^(1|true|yes)$"` && QUICKMODE=1
+                    if [ ! -z "${FIND}" ]; then SETTING_QUICK_MODE=1; fi
+                    Debug "Quickmode set to ${SETTING_QUICK_MODE}"
+                    AddSetting "quick" "${SETTING_QUICK_MODE}" "Quick mode (non-interactive)"
                ;;

                # Inline tips about tool (default enabled)
                show_tool_tips | show-tool-tips)
-                    FIND=`echo "${VALUE}" | egrep "^(1|false|no)"` && SHOW_TOOL_TIPS=0
+                    FIND=`echo "${VALUE}" | egrep "^(1|false|no)$"` && SHOW_TOOL_TIPS=0
                    Debug "Show tool tips set to ${SHOW_TOOL_TIPS}"
+                    AddSetting "show-tool-tips" "${SHOW_TOOL_TIPS}" "Show tool tips"
                ;;

                # Show warnings only
                show-warnings-only)
                    QUIET=1
                    QUICKMODE=1
-                    FIND=`echo "${VALUE}" | egrep "^(1|true|yes)"` && SHOW_WARNINGS_ONLY=1
+                    FIND=`echo "${VALUE}" | egrep "^(1|true|yes)$"` && SHOW_WARNINGS_ONLY=1
                    Debug "Show warnings only set to ${SHOW_WARNINGS_ONLY}"
+                    AddSetting "show-warnings-only" "${SHOW_WARNINGS_ONLY}" "Show only warnings"
                ;;

                # Skip plugins
                skip-plugins)
-                    FIND=`echo "${VALUE}" | egrep "^(1|true|yes)"` && RUN_PLUGINS=0
-                    Debug "Run plugins is set to ${RUN_PLUGINS}"
-                    AddSetting "run-plugins" "${RUN_PLUGINS}" "Run plugins"
+                    # Skip plugins (SKIP_PLUGINS) might already be set, so store in different variable
+                    SETTING_SKIP_PLUGINS=0 # default is no
+                    FIND=`echo "${VALUE}" | egrep "^(1|true|yes)$"` && SKIP_PLUGINS=1
+                    if [ ! -z "${FIND}" ]; then SETTING_SKIP_PLUGINS=1; fi
+                    Debug "Skip plugins is set to ${SETTING_SKIP_PLUGINS}"
+                    AddSetting "skip-plugins" "${SETTING_SKIP_PLUGINS}" "Skip plugins"
                ;;

                # SSL paths
--- a/include/report
+++ b/include/report
@ -167,7 +167,7 @@
            echo ""
            echo "  ${CYAN}Hardening index${NORMAL} : ${WHITE}${HPINDEX}${NORMAL} ${HPGRAPH}"
            echo "  ${CYAN}Tests performed${NORMAL} : ${WHITE}${CTESTS_PERFORMED}${NORMAL}"
-            if [ ${RUN_PLUGINS} -eq 1 ]; then echo "  ${CYAN}Plugins enabled${NORMAL} : ${WHITE}${N_PLUGIN_ENABLED}${NORMAL}"; fi
+            if [ ${SKIP_PLUGINS} -eq 0 ]; then echo "  ${CYAN}Plugins enabled${NORMAL} : ${WHITE}${N_PLUGIN_ENABLED}${NORMAL}"; fi
            echo ""
            echo "  ${WHITE}Components${NORMAL}:"
            if [ ${FIREWALL_ACTIVE} -eq 1 ]; then FIREWALL="${GREEN}V"; else FIREWALL="${RED}X"; fi
--- a/4
+++ b/4
@ -743,7 +743,7 @@ ${NORMAL}
 #################################################################################
 #
    # Plugins
-    if [ ${RUN_PLUGINS} -eq 1 ]; then
+    if [ ${SKIP_PLUGINS} -eq 0 ]; then

        N_PLUGIN=0
        N_PLUGIN_ENABLED=0
@ -933,7 +933,7 @@ ${NORMAL}
 #
 #################################################################################
 #
-    if [ ${RUN_PLUGINS} -eq 1 ]; then
+    if [ ${SKIP_PLUGINS} -eq 0 ]; then
        RunPlugins 2
        if [ ${N_PLUGIN_ENABLED} -gt 1 ]; then
            Display --indent 2 --text "- Plugins (phase 2)" --result "DONE" --color GREEN