tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-27 07:44:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Migrate to new options, including skip-plugins

Browse Source
This commit is contained in:
Michael Boelen 2016-07-05 17:26:27 +02:00
parent 75786a1c80
commit bac442c6fe
6 changed files with 82 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
default.prf
View File

@ -1,11 +1,24 @@
################################################################################# #################################################################################
# #
#
# Lynis - Scan Profile (default) # Lynis - Scan Profile (default)
# #
# This is the default profile and contains default values. # This is the default profile and contains default values.
# #
# Do not change this file directly. Instead copy over the settings you need #
# to a new file (custom.prf) and keep it tidy. #################################################################################
#
#
# SUGGESTION
# ----------
#
# Do NOT make changes to this file, instead copy your preferred settings to
# custom.prf and put it in the same directory as default.prf
#
# To discover where your profiles are located: lynis show profiles
#
#
#################################################################################
# #
# All empty lines or with the # prefix will be skipped # All empty lines or with the # prefix will be skipped
# #
@ -14,37 +27,53 @@
# #
################################################################################# #################################################################################
# Show non-zero exit code when warnings are found
error-on-warnings=no
# Use Lynis in your own language (available languages: en fr nl)
language=en
# Defines the role of the system (desktop, server)
machine-role=server
# Profile name, will be used as title/description # Profile name, will be used as title/description
profile-name=Default Audit Template profile-name=Default Audit Template
# Number of seconds to pause between every test (0 is no pause) # Number of seconds to pause between every test (0 is no pause)
pause-between-tests=0 pause-between-tests=0
################################################################################# # Enable quick mode (no waiting for keypresses, same as --quick option)
# quick=no
# Testing options
# ---------------
#
#################################################################################
# ** Scan type ** # Show inline tips about the tool
# show-tool-tips=yes
# Description: How deep the audit should be
# Values: light, normal or full (default) # Skip plugins
# skip-plugins=no
# Skip a test (one per line)
#skip-test=SSH-7408
# Skip a particular option within a test (when applicable)
#skip-test=SSH-7408:loglevel
#skip-test=SSH-7408:permitrootlogin
# Scan type - how deep the audit should be (light, normal or full)
test-scan-mode=full test-scan-mode=full
# ** Skip one or more specific tests **
# (always ignores scan mode and will make sure the test is skipped)
#
# config:test_skip_always:AAAA-1234 BBBB-5678 CCCC-9012:
# ** Define machine role ** #################################################################################
# #
# Description: defines the role of the system # SUGGESTION
# Values: desktop, server (default) # ----------
# #
machine-role=server # Do NOT make changes to this file, instead copy your preferred settings to
# custom.prf and put it in the same directory as default.prf
#
# To discover where your profiles are located: lynis show profiles
#
#################################################################################
################################################################################# #################################################################################
# #
@ -85,6 +114,15 @@ plugin=systemd
plugin=users plugin=users
#################################################################################
#
# Configuration (Old Style) - will be replaced in phases
#
#################################################################################
################################################################################# #################################################################################
# #
# Kernel options # Kernel options
@ -374,45 +412,5 @@ license-key=
config:compliance_standards:cis,hipaa,iso27001,pci-dss: config:compliance_standards:cis,hipaa,iso27001,pci-dss:
#################################################################################
#
# Configuration (New Style)
#
#################################################################################
# Show non-zero exit code when warnings are found
error-on-warnings=no
# Use Lynis in your own language (available languages: en fr nl)
language=en
# Enable quick mode (no waiting for keypresses, same as --quick option)
quick=no
# Show inline tips about the tool
show-tool-tips=yes
# Skip plugins
skip-plugins=no
# Skip a test (one per line)
#skip-test=SSH-7408
# Skip a particular option within a test (when applicable)
#skip-test=SSH-7408:loglevel
#skip-test=SSH-7408:permitrootlogin
#################################################################################
#
# SUGGESTION
# ----------
#
# Do NOT make changes to this file, instead copy your preferred settings to
# custom.prf and put it in the same directory as default.prf
#
# To discover where your profiles are located: lynis show profiles
#
#################################################################################
#EOF #EOF

2
include/consts
View File

@ -153,7 +153,6 @@ unset LANG
RKHUNTERBINARY="" RKHUNTERBINARY=""
RPMBINARY="" RPMBINARY=""
RUN_HELPERS=0 RUN_HELPERS=0
RUN_PLUGINS=1
RUN_TESTS=1 RUN_TESTS=1
SAMHAINBINARY="" SAMHAINBINARY=""
SCAN_TEST_HEAVY=""; SCAN_TEST_MEDIUM=""; SCAN_TEST_LOW="" SCAN_TEST_HEAVY=""; SCAN_TEST_MEDIUM=""; SCAN_TEST_LOW=""
@ -166,6 +165,7 @@ unset LANG
SHOW_PROGRAM_DETAILS=1 SHOW_PROGRAM_DETAILS=1
SHOW_REPORT=1 SHOW_REPORT=1
SHOW_WARNINGS_ONLY=0 SHOW_WARNINGS_ONLY=0
SKIP_PLUGINS=0
SKIP_TESTS="" SKIP_TESTS=""
SKIPPED_TESTS_ROOTONLY="" SKIPPED_TESTS_ROOTONLY=""
SSHKEYSCANBINARY="" SSHKEYSCANBINARY=""

2
include/helper_show
View File

@ -209,6 +209,8 @@ if [ $# -gt 0 ]; then
if [ ${BRIEF_OUTPUT} -eq 0 ]; then ${ECHOCMD} ""; fi if [ ${BRIEF_OUTPUT} -eq 0 ]; then ${ECHOCMD} ""; fi
fi fi
done done
if [ ${BRIEF_OUTPUT} -eq 0 ]; then DisplayToolTip "add --brief to show just the settings, --nocolors to remove colors"; fi
;; ;;
"tests") "tests")
if [ $# -gt 0 ]; then if [ $# -gt 0 ]; then

25
include/profiles
View File

@ -171,7 +171,7 @@
# How much seconds to wait between tests # How much seconds to wait between tests
pause_between_tests | pause-between-tests) pause_between_tests | pause-between-tests)
TEST_PAUSE_TIME="${VALUE}" TEST_PAUSE_TIME="${VALUE}"
AddSetting "pause-between-tests" "${TEST_PAUSE_TIME}" "Pause between tests" AddSetting "pause-between-tests" "${TEST_PAUSE_TIME}" "Pause between tests (in seconds)"
;; ;;
# Plugin # Plugin
@ -196,29 +196,38 @@
# Quick (no waiting for keypresses) # Quick (no waiting for keypresses)
quick) quick)
FIND=`echo "${VALUE}" | egrep "^(1|yes)"` && QUICKMODE=1 # Quick mode (SKIP_PLUGINS) might already be set outside profile, so store in different variable
Debug "Quickmode set to ${QUICKMODE}" SETTING_QUICK_MODE=0 # default is no
FIND=`echo "${VALUE}" | egrep "^(1|true|yes)$"` && QUICKMODE=1
if [ ! -z "${FIND}" ]; then SETTING_QUICK_MODE=1; fi
Debug "Quickmode set to ${SETTING_QUICK_MODE}"
AddSetting "quick" "${SETTING_QUICK_MODE}" "Quick mode (non-interactive)"
;; ;;
# Inline tips about tool (default enabled) # Inline tips about tool (default enabled)
show_tool_tips | show-tool-tips) show_tool_tips | show-tool-tips)
FIND=`echo "${VALUE}" | egrep "^(1|false|no)"` && SHOW_TOOL_TIPS=0 FIND=`echo "${VALUE}" | egrep "^(1|false|no)$"` && SHOW_TOOL_TIPS=0
Debug "Show tool tips set to ${SHOW_TOOL_TIPS}" Debug "Show tool tips set to ${SHOW_TOOL_TIPS}"
AddSetting "show-tool-tips" "${SHOW_TOOL_TIPS}" "Show tool tips"
;; ;;
# Show warnings only # Show warnings only
show-warnings-only) show-warnings-only)
QUIET=1 QUIET=1
QUICKMODE=1 QUICKMODE=1
FIND=`echo "${VALUE}" | egrep "^(1|true|yes)"` && SHOW_WARNINGS_ONLY=1 FIND=`echo "${VALUE}" | egrep "^(1|true|yes)$"` && SHOW_WARNINGS_ONLY=1
Debug "Show warnings only set to ${SHOW_WARNINGS_ONLY}" Debug "Show warnings only set to ${SHOW_WARNINGS_ONLY}"
AddSetting "show-warnings-only" "${SHOW_WARNINGS_ONLY}" "Show only warnings"
;; ;;
# Skip plugins # Skip plugins
skip-plugins) skip-plugins)
FIND=`echo "${VALUE}" | egrep "^(1|true|yes)"` && RUN_PLUGINS=0 # Skip plugins (SKIP_PLUGINS) might already be set, so store in different variable
Debug "Run plugins is set to ${RUN_PLUGINS}" SETTING_SKIP_PLUGINS=0 # default is no
AddSetting "run-plugins" "${RUN_PLUGINS}" "Run plugins" FIND=`echo "${VALUE}" | egrep "^(1|true|yes)$"` && SKIP_PLUGINS=1
if [ ! -z "${FIND}" ]; then SETTING_SKIP_PLUGINS=1; fi
Debug "Skip plugins is set to ${SETTING_SKIP_PLUGINS}"
AddSetting "skip-plugins" "${SETTING_SKIP_PLUGINS}" "Skip plugins"
;; ;;
# SSL paths # SSL paths

2
include/report
View File

@ -167,7 +167,7 @@
echo "" echo ""
echo " ${CYAN}Hardening index${NORMAL} : ${WHITE}${HPINDEX}${NORMAL} ${HPGRAPH}" echo " ${CYAN}Hardening index${NORMAL} : ${WHITE}${HPINDEX}${NORMAL} ${HPGRAPH}"
echo " ${CYAN}Tests performed${NORMAL} : ${WHITE}${CTESTS_PERFORMED}${NORMAL}" echo " ${CYAN}Tests performed${NORMAL} : ${WHITE}${CTESTS_PERFORMED}${NORMAL}"
if [ ${RUN_PLUGINS} -eq 1 ]; then echo " ${CYAN}Plugins enabled${NORMAL} : ${WHITE}${N_PLUGIN_ENABLED}${NORMAL}"; fi if [ ${SKIP_PLUGINS} -eq 0 ]; then echo " ${CYAN}Plugins enabled${NORMAL} : ${WHITE}${N_PLUGIN_ENABLED}${NORMAL}"; fi
echo "" echo ""
echo " ${WHITE}Components${NORMAL}:" echo " ${WHITE}Components${NORMAL}:"
if [ ${FIREWALL_ACTIVE} -eq 1 ]; then FIREWALL="${GREEN}V"; else FIREWALL="${RED}X"; fi if [ ${FIREWALL_ACTIVE} -eq 1 ]; then FIREWALL="${GREEN}V"; else FIREWALL="${RED}X"; fi

4
lynis
View File

@ -743,7 +743,7 @@ ${NORMAL}
################################################################################# #################################################################################
# #
# Plugins # Plugins
if [ ${RUN_PLUGINS} -eq 1 ]; then if [ ${SKIP_PLUGINS} -eq 0 ]; then
N_PLUGIN=0 N_PLUGIN=0
N_PLUGIN_ENABLED=0 N_PLUGIN_ENABLED=0
@ -933,7 +933,7 @@ ${NORMAL}
# #
################################################################################# #################################################################################
# #
if [ ${RUN_PLUGINS} -eq 1 ]; then if [ ${SKIP_PLUGINS} -eq 0 ]; then
RunPlugins 2 RunPlugins 2
if [ ${N_PLUGIN_ENABLED} -gt 1 ]; then if [ ${N_PLUGIN_ENABLED} -gt 1 ]; then
Display --indent 2 --text "- Plugins (phase 2)" --result "DONE" --color GREEN Display --indent 2 --text "- Plugins (phase 2)" --result "DONE" --color GREEN