Combine "sort | uniq" into "sort -u" to reduce the number of processes used for running Lynis. The busybox version of sort also supports the -u option.

SiemKorteweg 2015-10-04 17:59:28 +02:00
parent 6c4b790a22
commit bf1da50c14
5 changed files with 25 additions and 25 deletions


@ -34,7 +34,7 @@
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Read sixth field of /etc/passwd # Read sixth field of /etc/passwd
logtext "Test: query /etc/passwd to obtain home directories" logtext "Test: query /etc/passwd to obtain home directories"
FIND=`${AWKBINARY} -F: '{ if ($1 !~ "#") print $6 }' /etc/passwd | sort | uniq` FIND=`${AWKBINARY} -F: '{ if ($1 !~ "#") print $6 }' /etc/passwd | sort -u`
for I in ${FIND}; do for I in ${FIND}; do
if [ -d ${I} ]; then if [ -d ${I} ]; then
logtext "Result: found home directory: ${I} (directory exists)" logtext "Result: found home directory: ${I} (directory exists)"
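Review bot: `sort -u` on the changed `FIND=` line may not give byte-for-byte the result that `sort | uniq` gave, because GNU sort documents that `-u` disables its last-resort byte comparison, so strings that the current locale collates as equal are collapsed into one. The output of the audit then depends on the locale of the account that runs it; whether Lynis pins the locale at startup is not visible on this page. If it does not, forcing the C locale on that stage keeps the deduplication byte-exact: `| LC_ALL=C sort -u`. The same applies to every other `sort -u` this commit introduces in the logging, networking, package and web server sections.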


@ -254,7 +254,7 @@
Register --test-no LOGG-2148 --weight L --preqs-met ${PREQS_MET} --network NO --description "Checking logrotated files" Register --test-no LOGG-2148 --weight L --preqs-met ${PREQS_MET} --network NO --description "Checking logrotated files"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: Checking which files are rotated with logrotate and if they exist" logtext "Test: Checking which files are rotated with logrotate and if they exist"
FIND=`${LOGROTATEBINARY} -d -v /etc/logrotate.conf 2>&1 | egrep "considering log|skipping" | grep -v '*' | sort | uniq | awk '{ if ($2!="log") { print "File:"$2":does_not_exist" } else { print "File:"$3":exists" } }'` FIND=`${LOGROTATEBINARY} -d -v /etc/logrotate.conf 2>&1 | egrep "considering log|skipping" | grep -v '*' | sort -u | awk '{ if ($2!="log") { print "File:"$2":does_not_exist" } else { print "File:"$3":exists" } }'`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
logtext "Result: nothing found" logtext "Result: nothing found"
else else
@ -273,7 +273,7 @@
Register --test-no LOGG-2150 --weight L --preqs-met ${PREQS_MET} --network NO --description "Checking directories in logrotate configuration" Register --test-no LOGG-2150 --weight L --preqs-met ${PREQS_MET} --network NO --description "Checking directories in logrotate configuration"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: Checking which directories can be found in logrotate configuration" logtext "Test: Checking which directories can be found in logrotate configuration"
FIND=`${LOGROTATEBINARY} -d -v /etc/logrotate.conf 2>&1 | egrep "considering log|skipping" | grep -v '*' | sort | uniq | awk '{ if ($2=="log") { print $3 } }' | sed 's@/[^/]*$@@g' | sort | uniq` FIND=`${LOGROTATEBINARY} -d -v /etc/logrotate.conf 2>&1 | egrep "considering log|skipping" | grep -v '*' | sort -u | awk '{ if ($2=="log") { print $3 } }' | sed 's@/[^/]*$@@g' | sort -u`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
logtext "Result: nothing found" logtext "Result: nothing found"
else else
@ -380,7 +380,7 @@
Register --test-no LOGG-2162 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking directories in /etc/newsyslog.conf" Register --test-no LOGG-2162 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking directories in /etc/newsyslog.conf"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: parsing directories from /etc/newsyslog.conf file" logtext "Test: parsing directories from /etc/newsyslog.conf file"
FIND=`cat /etc/newsyslog.conf | sort | uniq | grep "^/" | awk '{ print $1 }' | sed 's/\/*[a-zA-Z_.-]*$//g' | sort | uniq` FIND=`cat /etc/newsyslog.conf | sort -u | grep "^/" | awk '{ print $1 }' | sed 's/\/*[a-zA-Z_.-]*$//g' | sort -u`
for I in ${FIND}; do for I in ${FIND}; do
if [ -d ${I} ]; then if [ -d ${I} ]; then
logtext "Result: Directory ${I} found and exists" logtext "Result: Directory ${I} found and exists"
@ -400,7 +400,7 @@
Register --test-no LOGG-2164 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking files specified /etc/newsyslog.conf" Register --test-no LOGG-2164 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking files specified /etc/newsyslog.conf"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: parsing files from /etc/newsyslog.conf file" logtext "Test: parsing files from /etc/newsyslog.conf file"
FIND=`cat /etc/newsyslog.conf | sort | uniq | grep "^/" | awk '{ print $1 }'` FIND=`cat /etc/newsyslog.conf | sort -u | grep "^/" | awk '{ print $1 }'`
for I in ${FIND}; do for I in ${FIND}; do
if [ -f ${I} ]; then if [ -f ${I} ]; then
logtext "Result: File ${I} found and exists" logtext "Result: File ${I} found and exists"
@ -437,7 +437,7 @@
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: checking open log files with lsof" logtext "Test: checking open log files with lsof"
if [ ! "${LSOFBINARY}" = "" ]; then if [ ! "${LSOFBINARY}" = "" ]; then
FIND=`${LSOFBINARY} -n 2>&1 | grep "log$" | egrep -v "WARNING|Output information" | awk '{ if ($5=="REG") { print $9 } }' | sort | uniq | grep -v "^$"` FIND=`${LSOFBINARY} -n 2>&1 | grep "log$" | egrep -v "WARNING|Output information" | awk '{ if ($5=="REG") { print $9 } }' | sort -u | grep -v "^$"`
for I in ${FIND}; do for I in ${FIND}; do
logtext "Found logfile: ${I}" logtext "Found logfile: ${I}"
report "open_logfile[]=${I}" report "open_logfile[]=${I}"
@ -458,7 +458,7 @@
Register --test-no LOGG-2190 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking deleted files in file table" Register --test-no LOGG-2190 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking deleted files in file table"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: checking deleted files but are still in use" logtext "Test: checking deleted files but are still in use"
FIND=`${LSOFBINARY} -n +L 1 2>&1 | egrep -v "WARNING|Output information" | awk '{ if ($5=="REG") { print $10 } }' | grep -v "^$" | sort | uniq` FIND=`${LSOFBINARY} -n +L 1 2>&1 | egrep -v "WARNING|Output information" | awk '{ if ($5=="REG") { print $10 } }' | grep -v "^$" | sort -u`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
logtext "Result: found one or more files which are deleted, but still in use" logtext "Result: found one or more files which are deleted, but still in use"
for I in ${FIND}; do for I in ${FIND}; do
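Review bot: In the two lsof tests the names collected in `FIND` are iterated with an unquoted `for I in ${FIND}`, so the shell applies pathname expansion to each name before it is logged and reported. The names in the open-file table are not chosen by the auditor, and one containing `*`, `?` or `[` would be replaced by whatever paths it matches, so `open_logfile[]` could list files that are not open at all. Disabling globbing around the loops avoids this: `set -f` before `for I in ${FIND}; do` and `set +f` after the matching `done`. The second loop's body and both `done` lines are outside the hunks; the /etc/newsyslog.conf tests (LOGG-2162, LOGG-2164) iterate their results the same way.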


@ -151,11 +151,11 @@
FIND=`lscfg -vl ent* | fgrep "Network Address" | cut -d"." -f14 | awk '{ ctr=1; i=1; while (ctr <= 6) { d[ctr++]=substr($0,i,2);i=i+2 } printf("%s:%s:%s:%s:%s:%s\n",d[1],d[2],d[3],d[4],d[5],d[6]) }'` FIND=`lscfg -vl ent* | fgrep "Network Address" | cut -d"." -f14 | awk '{ ctr=1; i=1; while (ctr <= 6) { d[ctr++]=substr($0,i,2);i=i+2 } printf("%s:%s:%s:%s:%s:%s\n",d[1],d[2],d[3],d[4],d[5],d[6]) }'`
;; ;;
DragonFly|FreeBSD) DragonFly|FreeBSD)
FIND=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ($1=="ether") print $2 }' | sort | uniq` FIND=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ($1=="ether") print $2 }' | sort -u`
;; ;;
Linux) Linux)
if [ ! "${IFCONFIGBINARY}" = "" ]; then if [ ! "${IFCONFIGBINARY}" = "" ]; then
FIND=`${IFCONFIGBINARY} -a | ${GREPBINARY} "HWaddr" | awk '{ if ($4=="HWaddr") print $5 }' | sort | uniq` FIND=`${IFCONFIGBINARY} -a | ${GREPBINARY} "HWaddr" | awk '{ if ($4=="HWaddr") print $5 }' | sort -u`
else else
if [ ! "${IPBINARY}" = "" ]; then if [ ! "${IPBINARY}" = "" ]; then
logtext "Test: Using ip binary to gather hardware addresses" logtext "Test: Using ip binary to gather hardware addresses"
@ -166,16 +166,16 @@
fi fi
;; ;;
MacOS) MacOS)
FIND=`${IFCONFIGBINARY} -a | awk '{ if ($1=="lladdr" || $1=="ether") print $2 }' | sort | uniq` FIND=`${IFCONFIGBINARY} -a | awk '{ if ($1=="lladdr" || $1=="ether") print $2 }' | sort -u`
;; ;;
NetBSD) NetBSD)
FIND=`${IFCONFIGBINARY} -a | awk '{ if ($1=="address:") print $2 }' | sort | uniq` FIND=`${IFCONFIGBINARY} -a | awk '{ if ($1=="address:") print $2 }' | sort -u`
;; ;;
OpenBSD) OpenBSD)
FIND=`${IFCONFIGBINARY} -A | awk '{ if ($1=="lladdr") print $2 }' | sort | uniq` FIND=`${IFCONFIGBINARY} -A | awk '{ if ($1=="lladdr") print $2 }' | sort -u`
;; ;;
Solaris) Solaris)
FIND=`${IFCONFIGBINARY} -a | awk '{ if ($1=="ether") print $2 }' | sort | uniq` FIND=`${IFCONFIGBINARY} -a | awk '{ if ($1=="ether") print $2 }' | sort -u`
;; ;;
*) *)
# Having a system currently unsupported? Share your details to determine MAC information # Having a system currently unsupported? Share your details to determine MAC information
@ -265,7 +265,7 @@
case ${OS} in case ${OS} in
DragonFly|FreeBSD) DragonFly|FreeBSD)
if [ ! "${SOCKSTATBINARY}" = "" ]; then if [ ! "${SOCKSTATBINARY}" = "" ]; then
FIND=`${SOCKSTATBINARY} | awk '{ if ($7 ~ /\*:\*/) print $5"|"$6"|"$2"|" }' | sort | uniq` FIND=`${SOCKSTATBINARY} | awk '{ if ($7 ~ /\*:\*/) print $5"|"$6"|"$2"|" }' | sort -u`
# To strip off IP's: sed 's/|.*:/|/' # To strip off IP's: sed 's/|.*:/|/'
else else
FIND="" FIND=""
@ -304,7 +304,7 @@
NetBSD) NetBSD)
if [ ! "${SOCKSTATBINARY}" = "" ]; then if [ ! "${SOCKSTATBINARY}" = "" ]; then
FIND=`${SOCKSTATBINARY} | awk '{ if ($7 ~ /\*.\*/) print $5"|"$6"|"$2"|" }' | sort | uniq` FIND=`${SOCKSTATBINARY} | awk '{ if ($7 ~ /\*.\*/) print $5"|"$6"|"$2"|" }' | sort -u`
else else
FIND="" FIND=""
fi fi
@ -431,7 +431,7 @@
# Description : Netstat/socktstat compare (FreeBSD) # Description : Netstat/socktstat compare (FreeBSD)
# echo -n " - Comparing output sockstat and netstat" # echo -n " - Comparing output sockstat and netstat"
# logtext "Comparing output of sockstat and netstat" # logtext "Comparing output of sockstat and netstat"
# NETSTATOUTPUT=`netstat -an | grep -v 'TIME_WAIT' | grep -v 'ESTABLISHED' | grep -v 'SYN_SENT' | grep -v 'CLOSE_WAIT' | grep -v 'LAST_ACK' | grep -v 'SYN_RECV' | grep -v 'CLOSING' | cut -c 1-44 | grep '*.' | cut -c 24-32 | tr -d ' ' | tr -d '\t' | grep -v '*' | sort | uniq` # NETSTATOUTPUT=`netstat -an | grep -v 'TIME_WAIT' | grep -v 'ESTABLISHED' | grep -v 'SYN_SENT' | grep -v 'CLOSE_WAIT' | grep -v 'LAST_ACK' | grep -v 'SYN_RECV' | grep -v 'CLOSING' | cut -c 1-44 | grep '*.' | cut -c 24-32 | tr -d ' ' | tr -d '\t' | grep -v '*' | sort -u`
# #
# if [ "${SOCKSTATOUTPUT}" = "${NETSTATOUTPUT}" ]; then # if [ "${SOCKSTATOUTPUT}" = "${NETSTATOUTPUT}" ]; then
# ShowResult OK # ShowResult OK
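Review bot: On the Linux branch the `${GREPBINARY} "HWaddr"` stage is redundant, because the awk program that follows already keeps only lines whose fourth field is `HWaddr`. Dropping it removes one more process per run, which is the stated aim of this commit: `${IFCONFIGBINARY} -a | awk '{ if ($4=="HWaddr") print $5 }' | sort -u`. The enclosing `case` statement starts and ends outside the hunk.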


@ -224,7 +224,7 @@
COUNT=0 COUNT=0
# Check configuration options (options start with a capital) # Check configuration options (options start with a capital)
logtext "Test: searching configured options in ${PACMANCONF}" logtext "Test: searching configured options in ${PACMANCONF}"
FIND=`grep "^[A-Z]" ${PACMANCONF} | sort | uniq | sed 's/ /:space:/g'` FIND=`grep "^[A-Z]" ${PACMANCONF} | sort -u | sed 's/ /:space:/g'`
for I in ${FIND}; do for I in ${FIND}; do
PMOPTION=`echo ${I} | sed 's/:space:/ /g' | ${AWKBINARY} -F= '{ print $1 }'` PMOPTION=`echo ${I} | sed 's/:space:/ /g' | ${AWKBINARY} -F= '{ print $1 }'`
PMVALUE=`echo ${I} | sed 's/:space:/ /g' | ${AWKBINARY} -F= '{ print $2 }'` PMVALUE=`echo ${I} | sed 's/:space:/ /g' | ${AWKBINARY} -F= '{ print $2 }'`
@ -282,7 +282,7 @@
logtext "Result: Zypper found one or more installed packages which are vulnerable." logtext "Result: Zypper found one or more installed packages which are vulnerable."
ReportWarning ${TEST_NO} "H" "Found one or more vulnerable packages installed" ReportWarning ${TEST_NO} "H" "Found one or more vulnerable packages installed"
# Unfortunately zypper does not properly give back which package it is. Usually best guess is last word on the line # Unfortunately zypper does not properly give back which package it is. Usually best guess is last word on the line
FIND=`${ZYPPERBINARY} lp | ${AWKBINARY} '{ if ($5=="security" || $7=="security") { print $NF }}' | sed 's/:$//' | grep -v "^$" | sort | uniq` FIND=`${ZYPPERBINARY} lp | ${AWKBINARY} '{ if ($5=="security" || $7=="security") { print $NF }}' | sed 's/:$//' | grep -v "^$" | sort -u`
logtext "List of vulnerable packages/version:" logtext "List of vulnerable packages/version:"
for I in ${FIND}; do for I in ${FIND}; do
report "vulnerable_package[]=${I}" report "vulnerable_package[]=${I}"
@ -477,7 +477,7 @@
logtext "Result: pkg_admin audit found one or more installed packages which are vulnerable." logtext "Result: pkg_admin audit found one or more installed packages which are vulnerable."
ReportWarning ${TEST_NO} "M" "Found one or more vulnerable packages." ReportWarning ${TEST_NO} "M" "Found one or more vulnerable packages."
logtext "List of vulnerable packages/version:" logtext "List of vulnerable packages/version:"
for I in `/usr/sbin/pkg_admin audit | awk '{ print $2 }' | sort | uniq`; do for I in `/usr/sbin/pkg_admin audit | awk '{ print $2 }' | sort -u`; do
report "vulnerable_package[]=${I}" report "vulnerable_package[]=${I}"
logtext "Vulnerable package: ${I}" logtext "Vulnerable package: ${I}"
# Decrease hardening points for every found vulnerable package # Decrease hardening points for every found vulnerable package
@ -516,7 +516,7 @@
#ReportWarning ${TEST_NO} "M" "Found one or more vulnerable packages." #ReportWarning ${TEST_NO} "M" "Found one or more vulnerable packages."
#ReportSuggestion ${TEST_NO} "Update your system with portupgrade or other tools" #ReportSuggestion ${TEST_NO} "Update your system with portupgrade or other tools"
#logtext "List of vulnerable packages/version:" #logtext "List of vulnerable packages/version:"
#for I in `/usr/sbin/pkg audit -F | grep "Affected package" | cut -d ' ' -f3 | sort | uniq`; do #for I in `/usr/sbin/pkg audit -F | grep "Affected package" | cut -d ' ' -f3 | sort -u`; do
# report "vulnerable_package[]=${I}" # report "vulnerable_package[]=${I}"
# logtext "Vulnerable package: ${I}" # logtext "Vulnerable package: ${I}"
# # Decrease hardening points for every found vulnerable package # # Decrease hardening points for every found vulnerable package
@ -548,7 +548,7 @@
ReportWarning ${TEST_NO} "M" "Found one or more vulnerable packages." ReportWarning ${TEST_NO} "M" "Found one or more vulnerable packages."
ReportSuggestion ${TEST_NO} "Update your system with portupgrade or other tools" ReportSuggestion ${TEST_NO} "Update your system with portupgrade or other tools"
logtext "List of vulnerable packages/version:" logtext "List of vulnerable packages/version:"
for I in `/usr/local/sbin/portaudit | grep "Affected package" | cut -d ' ' -f3 | sort | uniq`; do for I in `/usr/local/sbin/portaudit | grep "Affected package" | cut -d ' ' -f3 | sort -u`; do
report "vulnerable_package[]=${I}" report "vulnerable_package[]=${I}"
logtext "Vulnerable package: ${I}" logtext "Vulnerable package: ${I}"
# Decrease hardening points for every found vulnerable package # Decrease hardening points for every found vulnerable package
@ -821,7 +821,7 @@
# Trying also with apt-get directly (does not always work, as updates are distributed on both -security and -updates) # Trying also with apt-get directly (does not always work, as updates are distributed on both -security and -updates)
# Show packages which would be upgraded and match 'security' in repository name # Show packages which would be upgraded and match 'security' in repository name
FIND=`/usr/bin/apt-get --dry-run --show-upgraded upgrade 2> /dev/null | grep '-security' | grep "^Inst" | cut -d ' ' -f2 | sort | uniq` FIND=`/usr/bin/apt-get --dry-run --show-upgraded upgrade 2> /dev/null | grep '-security' | grep "^Inst" | cut -d ' ' -f2 | sort -u`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
#Display --indent 2 --text "- Checking vulnerable packages" --result WARNING --color RED #Display --indent 2 --text "- Checking vulnerable packages" --result WARNING --color RED
VULNERABLE_PACKAGES_FOUND=1 VULNERABLE_PACKAGES_FOUND=1
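Review bot: On the apt-get line, `grep '-security'` does not search for the string `-security`: the argument starts with a dash, so grep parses it as options (`-s`, then `-e` with the pattern `curity`). It still selects the intended lines because `security` contains `curity`, but it matches that substring anywhere on the line and silently enables `-s`. Passing the pattern explicitly fixes it: `grep -e '-security'`. The surrounding test starts and ends outside the hunk.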


@ -132,7 +132,7 @@
# Sort unsorted list, save it in temp file and then remove unsorted list # Sort unsorted list, save it in temp file and then remove unsorted list
if [ -f ${TMPFILE2} ]; then if [ -f ${TMPFILE2} ]; then
sort ${TMPFILE2} | uniq >> ${TMPFILE} sort -u ${TMPFILE2} >> ${TMPFILE}
rm -f ${TMPFILE2} rm -f ${TMPFILE2}
fi fi
cVHOSTS=0; tVHOSTS="" cVHOSTS=0; tVHOSTS=""
@ -442,7 +442,7 @@
done done
# Sort all discovered configuration lines and store unique ones. Also strip out the mime types configured in nginx # Sort all discovered configuration lines and store unique ones. Also strip out the mime types configured in nginx
SORTFILE=`cat ${TMPFILE} | sort | uniq | sed 's/ /:space:/g' | egrep -v "(application|audio|image|text|video)/" | egrep -v "({|})"` SORTFILE=`cat ${TMPFILE} | sort -u | sed 's/ /:space:/g' | egrep -v "(application|audio|image|text|video)/" | egrep -v "({|})"`
for I in ${SORTFILE}; do for I in ${SORTFILE}; do
I=`echo ${I} | sed 's/:space:/ /g'` I=`echo ${I} | sed 's/:space:/ /g'`
report "nginx_config_option=${I}"; report "nginx_config_option=${I}";
@ -667,7 +667,7 @@
logtext "Test: Checking ${I}" logtext "Test: Checking ${I}"
if [ -d ${I} ]; then if [ -d ${I} ]; then
logtext "Result: Directory ${I} exists, so will be used as search path" logtext "Result: Directory ${I} exists, so will be used as search path"
FIND=`find ${I} -type f -exec grep access_log \{\} \; | grep -v "#" | awk '{ if($1=="access_log") { print $2 } }' | sed 's/;$//g' | sort | uniq` FIND=`find ${I} -type f -exec grep access_log \{\} \; | grep -v "#" | awk '{ if($1=="access_log") { print $2 } }' | sed 's/;$//g' | sort -u`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
logtext "Result: no log files found" logtext "Result: no log files found"
else else
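Review bot: The `SORTFILE=` line still starts with `cat ${TMPFILE} | sort -u`, although the first hunk of this file already uses the shorter form `sort -u ${TMPFILE2}`. Letting sort read the file itself saves another process and keeps the two lines consistent: `sort -u "${TMPFILE}" | sed 's/ /:space:/g' | …`. The two /etc/newsyslog.conf tests in the logging section (LOGG-2162, LOGG-2164) use the same `cat FILE | sort -u` form. The loop that consumes `SORTFILE` ends outside the hunk.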