diff --git a/include/consts b/include/consts
index bb1d63ff..82469ed0 100644
--- a/include/consts
+++ b/include/consts
@@ -145,6 +145,7 @@ ETC_PATHS="/etc /usr/local/etc"
 LICENSE_KEY=""
 LICENSE_SERVER=""
 LINUX_VERSION=""
+ LINUX_VERSION_LIKE=""
 LINUXCONFIGFILE=""
 LMDBINARY=""
 LMDFOUND=0
diff --git a/include/osdetection b/include/osdetection
index 3c5932ce..0a6cf976 100644
--- a/include/osdetection
+++ b/include/osdetection
@@ -226,11 +226,13 @@
 ;;
 "kali")
 LINUX_VERSION="Kali"
+ LINUX_VERSION_LIKE="Debian"
 OS_NAME="Kali Linux"
 OS_VERSION="Rolling release"
 ;;
 "linuxmint")
 LINUX_VERSION="Linux Mint"
+ LINUX_VERSION_LIKE="Ubuntu"
 OS_NAME="Linux Mint"
 OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
 OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
@@ -278,18 +280,21 @@
 ;;
 "pop")
 LINUX_VERSION="Pop!_OS"
+ LINUX_VERSION_LIKE="Ubuntu"
 OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
 OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
 OS_NAME="Pop!_OS"
 ;;
 "pureos")
 LINUX_VERSION="PureOS"
+ LINUX_VERSION_LIKE="Debian"
 OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
 OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
 OS_NAME="PureOS"
 ;;
 "raspbian")
 LINUX_VERSION="Raspbian"
+ LINUX_VERSION_LIKE="Debian"
 OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
 OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
 OS_NAME="Raspbian"
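Review bot: The `"linuxmint")` case in the `@@ -226,11 +226,13 @@` hunk marks every Linux Mint system as Ubuntu-like with `LINUX_VERSION_LIKE="Ubuntu"`, while the comment added in the later `lsb_release` override hunk of this file says LMDE should be detected as Debian and then assigns the same value. As written, an LMDE host can only satisfy the Ubuntu-like side of the new preconditions, so a Debian-only check such as PKGS-7366 (debsecan) is skipped on it. Either derive the value from the `ID_LIKE` field of `/etc/os-release` when it is present, or make the gap explicit with `# TODO: LMDE is Debian-based; LINUX_VERSION_LIKE should be "Debian" there`. The enclosing `case` statement starts and ends outside the hunk.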
@@ -378,31 +383,32 @@
 # CPUBuilders Linux
 if [ -e "/etc/cpub-release" ]; then OS_FULLNAME=$(cat /etc/cpub-release); fi
- # Debian/Ubuntu (***) - Set first to Debian
- if [ -e "/etc/debian_version" ]; then
+ if [ -z "${LINUX_VERSION}" ] && [ -e "/etc/debian_version" ]; then
+ # Debian/Ubuntu (***) - Set first to Debian
 OS_VERSION=$(cat /etc/debian_version)
 OS_FULLNAME="Debian ${OS_VERSION}"
 LINUX_VERSION="Debian"
- fi
- # /etc/lsb-release does not exist on Debian
- if [ -e "/etc/debian_version" -a -e /etc/lsb-release ]; then
- OS_VERSION=$(cat /etc/debian_version)
- FIND=$(grep "^DISTRIB_ID=" /etc/lsb-release | cut -d '=' -f2 | sed 's/"//g')
- if [ "${FIND}" = "Ubuntu" ]; then
- OS_VERSION=$(grep "^DISTRIB_RELEASE=" /etc/lsb-release | cut -d '=' -f2)
- OS_FULLNAME="Ubuntu ${OS_VERSION}"
- LINUX_VERSION="Ubuntu"
- elif [ "${FIND}" = "elementary OS" ]; then
- LINUX_VERSION="elementary OS"
- OS_VERSION=$(grep "^DISTRIB_RELEASE=" /etc/lsb-release | cut -d '=' -f2)
- OS_FULLNAME=$(grep "^DISTRIB_DESCRIPTION=" /etc/lsb-release | cut -d '=' -f2 | sed 's/"//g')
- else
- # Catch all, in case it's unclear what specific release this is.
- OS_FULLNAME="Debian ${OS_VERSION}"
- LINUX_VERSION="Debian"
+ # /etc/lsb-release does not exist on Debian
+ if [ -e /etc/lsb-release ]; then
+ OS_VERSION=$(cat /etc/debian_version)
+ FIND=$(grep "^DISTRIB_ID=" /etc/lsb-release | cut -d '=' -f2 | sed 's/"//g')
+ if [ "${FIND}" = "Ubuntu" ]; then
+ OS_VERSION=$(grep "^DISTRIB_RELEASE=" /etc/lsb-release | cut -d '=' -f2)
+ OS_FULLNAME="Ubuntu ${OS_VERSION}"
+ LINUX_VERSION="Ubuntu"
+ elif [ "${FIND}" = "elementary OS" ]; then
+ LINUX_VERSION="elementary OS"
+ LINUX_VERSION_LIKE="Ubuntu"
+ OS_VERSION=$(grep "^DISTRIB_RELEASE=" /etc/lsb-release | cut -d '=' -f2)
+ OS_FULLNAME=$(grep "^DISTRIB_DESCRIPTION=" /etc/lsb-release | cut -d '=' -f2 | sed 's/"//g')
+ else
+ # Catch all, in case it's unclear what specific release this is.
+ OS_FULLNAME="Debian ${OS_VERSION}"
+ LINUX_VERSION="Debian"
+ fi
+ # Ubuntu test (optional) $(grep "[Uu]buntu" /proc/version)
 fi
- # Ubuntu test (optional) $(grep "[Uu]buntu" /proc/version)
 fi
 # Override for Linux Mint, as that is initially detected as Debian or Ubuntu
@@ -410,6 +416,8 @@
 FIND=$(lsb_release --id | awk -F: '{ print $2 }' | awk '{ print $1 }')
 if [ "${FIND}" = "LinuxMint" ]; then
 LINUX_VERSION="Linux Mint"
+ # LMDE (Linux Mint Debian Edition) should be detected as Debian
+ LINUX_VERSION_LIKE="Ubuntu"
 OS_VERSION=$(lsb_release --release | awk '{ print $2 }')
 OS_FULLNAME="Linux Mint ${OS_VERSION}"
 fi
diff --git a/include/tests_boot_services b/include/tests_boot_services
index 7d6feeec..01310f7b 100644
--- a/include/tests_boot_services
+++ b/include/tests_boot_services
@@ -712,7 +712,13 @@
 # Test : BOOT-5180
 # Description : Check for Linux boot services (Debian style)
 # Notes : Debian 8+ shows runlevel 5
- if [ "${LINUX_VERSION}" = "Debian" -o "${LINUX_VERSION}" = "Ubuntu" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ if [ "${LINUX_VERSION}" = "Debian" ] || [ "${LINUX_VERSION}" = "Ubuntu" ] ||
+ [ "${LINUX_VERSION_LIKE}" = "Debian" ] || [ "${LINUX_VERSION_LIKE}" = "Ubuntu" ]; then
+ PREQS_MET="YES"
+ else
+ PREQS_MET="NO"
+ fi
+
 Register --test-no BOOT-5180 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for Linux boot services (Debian style)"
 if [ ${SKIPTEST} -eq 0 ]; then
 # Runlevel check
diff --git a/include/tests_kernel b/include/tests_kernel
index 75f7bffc..5f6d0459 100644
--- a/include/tests_kernel
+++ b/include/tests_kernel
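Review bot: In the `@@ -378,31 +383,32 @@` hunk, nesting the lsb-release block inside the `/etc/debian_version` branch makes the inner `OS_VERSION=$(cat /etc/debian_version)` and the whole catch-all `else` branch repeat assignments made a few lines earlier in the same branch; both can be dropped without changing the result. The new `[ -z "${LINUX_VERSION}" ]` guard also makes this fallback depend on the os-release `case` above (outside the hunk) leaving the variable empty for IDs it does not know, which deserves a one-line comment such as `# Fallback only: runs when /etc/os-release did not identify the distribution`.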
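Review bot: The four-way Debian/Ubuntu comparison added for BOOT-5180 is repeated verbatim in both `include/tests_kernel` hunks and in the PKGS-7390 and PKGS-7394 preconditions in `include/tests_ports_packages`, so a future derivative or family name has to be updated in five places and a missed copy silently skips an audit check on that distribution. Consider computing the answer once in `include/osdetection`, for instance as a flag set where `LINUX_VERSION_LIKE` is assigned, and testing that flag in each precondition. If the copies stay, a comment such as `# Debian family: native Debian/Ubuntu or a derivative flagged via LINUX_VERSION_LIKE` above each one would document the intent.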
@@ -81,7 +81,7 @@
 fi
 else
 LogText "Result: file ${ROOTDIR}etc/inittab not found"
- if [ "${LINUX_VERSION}" = "Debian" -o "${LINUX_VERSION}" = "Ubuntu" ]; then
+ if [ "${LINUX_VERSION}" = "Debian" ] || [ "${LINUX_VERSION}" = "Ubuntu" ] || [ "${LINUX_VERSION_LIKE}" = "Debian" ] || [ "${LINUX_VERSION_LIKE}" = "Ubuntu" ]; then
 LogText "Test: Checking run level with who -r, for Debian based systems"
 FIND=$(who -r | ${AWKBINARY} '{ if ($1=="run-level") { print $2 } }')
 if HasData "${FIND}"; then
@@ -368,7 +368,12 @@
 #
 # Test : KRNL-5788
 # Description : Checking availability new kernel
- if [ "${LINUX_VERSION}" = "Debian" -o "${LINUX_VERSION}" = "Ubuntu" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ if [ "${LINUX_VERSION}" = "Debian" ] || [ "${LINUX_VERSION}" = "Ubuntu" ] ||
+ [ "${LINUX_VERSION_LIKE}" = "Debian" ] || [ "${LINUX_VERSION_LIKE}" = "Ubuntu" ]; then
+ PREQS_MET="YES"
+ else
+ PREQS_MET="NO"
+ fi
 Register --test-no KRNL-5788 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking availability new Linux kernel"
 if [ ${SKIPTEST} -eq 0 ]; then
 HAS_VMLINUZ=0
diff --git a/include/tests_ports_packages b/include/tests_ports_packages
index 2e827813..0a4b77bc 100644
--- a/include/tests_ports_packages
+++ b/include/tests_ports_packages
@@ -600,8 +600,8 @@
 #
 # Test : PKGS-7366
 # Description : Checking if debsecan is installed and enabled on Debian systems
- if [ -n "${DEBSECANBINARY}" -a "${OS}" = "Linux" -a "${LINUX_VERSION}" = "Debian" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
- Register --test-no "PKGS-7366" --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking for debsecan utility"
+ if [ -n "${DEBSECANBINARY}" ] && ( [ "${LINUX_VERSION}" = "Debian" ] || [ "${LINUX_VERSION_LIKE}" = "Debian" ] ); then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no "PKGS-7366" --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --category security --description "Checking for debsecan utility"
 if [ ${SKIPTEST} -eq 0 ]; then
 if [ -n "${DEBSECANBINARY}" ]; then
 LogText "Result: debsecan utility is installed"
@@ -986,7 +986,9 @@
 PREQS_MET="NO"
 if [ -f ${ROOTDIR}etc/apt/sources.list -a -d ${ROOTDIR}etc/apt/sources.list.d ]; then
 case "${LINUX_VERSION}" in
- "Debian" | "Linux Mint" | "Ubuntu")
+ "Debian" | "Linux Mint" | "Ubuntu" | "Pop!_OS")
+ # Todo: PureOS (not rolling) has security repositories
+ # Todo: Debian sid does not have a security repository.
 PREQS_MET="YES"
 ;;
 *)
@@ -1042,7 +1044,13 @@
 #
 # Test : PKGS-7390
 # Description : Check Ubuntu database consistency
- if [ "${LINUX_VERSION}" = "Ubuntu" -a -x ${ROOTDIR}usr/bin/apt-get ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ if ([ "${LINUX_VERSION}" = "Debian" ] || [ "${LINUX_VERSION}" = "Ubuntu" ] ||
+ [ "${LINUX_VERSION_LIKE}" = "Debian" ] || [ "${LINUX_VERSION_LIKE}" = "Ubuntu" ]) && [ -x "${ROOTDIR}usr/bin/apt-get" ]; then
+ PREQS_MET="YES"
+ else
+ PREQS_MET="NO"
+ fi
+
 Register --test-no PKGS-7390 --os Linux --preqs-met ${PREQS_MET} --root-only YES --weight L --network NO --category security --description "Check Ubuntu database consistency"
 if [ ${SKIPTEST} -eq 0 ]; then
 LogText "Test: Package database consistency by running apt-get check"
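Review bot: The grouping `( [ ... ] || [ ... ] )` in the PKGS-7366 precondition forks a subshell only to combine two tests; brace grouping gives the same result without one: `if [ -n "${DEBSECANBINARY}" ] && { [ "${LINUX_VERSION}" = "Debian" ] || [ "${LINUX_VERSION_LIKE}" = "Debian" ]; }; then PREQS_MET="YES"; else PREQS_MET="NO"; fi`. The same applies to the `if ([ ... ]) && [ -x ... ]` form in the PKGS-7390 and PKGS-7394 hunks.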
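Review bot: The `case "${LINUX_VERSION}" in` in the `@@ -986,7 +986,9 @@` hunk still matches on `LINUX_VERSION` alone, so distributions that the rest of this commit treats as Debian- or Ubuntu-like (elementary OS, Raspbian, Kali) never reach `PREQS_MET="YES"` and the check gated here, apparently the security repository test judging by the Todo lines, is skipped for them; only Pop!_OS is added by name. If that is deliberate because some derivatives have no security repository, say so in the code, e.g. `# LINUX_VERSION_LIKE is intentionally not used here: not every derivative has a security repository`. The `case` continues outside the hunk.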
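Review bot: The PKGS-7390 precondition now admits Debian and Debian-like systems, but the header comment and the `--description "Check Ubuntu database consistency"` string still say Ubuntu, so results on Debian hosts are labelled as an Ubuntu check; PKGS-7394 has the same mismatch with `"Check for Ubuntu updates"`. Suggest `# Description : Check APT package database consistency` with a matching `--description`, and the equivalent rewording for PKGS-7394, after confirming that nothing downstream matches on the old description text.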
@@ -1191,7 +1199,13 @@
 #
 # Test : PKGS-7394
 # Description : Check Ubuntu upgradeable packages
- if [ "${LINUX_VERSION}" = "Ubuntu" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ if ([ "${LINUX_VERSION}" = "Debian" ] || [ "${LINUX_VERSION}" = "Ubuntu" ] ||
+ [ "${LINUX_VERSION_LIKE}" = "Debian" ] || [ "${LINUX_VERSION_LIKE}" = "Ubuntu" ]) && [ -x "${ROOTDIR}usr/bin/apt-get" ]; then
+ PREQS_MET="YES"
+ else
+ PREQS_MET="NO"
+ fi
+
 Register --test-no PKGS-7394 --os Linux --preqs-met ${PREQS_MET} --weight L --network YES --category security --description "Check for Ubuntu updates"
 if [ ${SKIPTEST} -eq 0 ]; then
 LogText "Test: checking ${ROOTDIR}usr/bin/apt-show-versions"
@@ -1329,37 +1343,39 @@
 case "${OS}" in
 "Linux")
- case "${LINUX_VERSION}" in
- "CentOS" | "Debian" | "Fedora" | "RHEL" | "Ubuntu")
-
+ for DIST in CentOS Debian Fedora RHEL Ubuntu; do
+ if [ "${LINUX_VERSION}" = "${DIST}" ] || [ "${LINUX_VERSION_LIKE}" = "${DIST}" ]; then
 UNATTENDED_UPGRADES_OPTION_AVAILABLE=1
- # Test available tools for Linux
- if [ -f "${ROOTDIR}bin/auter" ]; then
- UNATTENDED_UPGRADES_TOOL="auter"
- UNATTENDED_UPGRADES_TOOLKIT=1
- LogText "Result: found ${UNATTENDED_UPGRADES_TOOL}"
- Report "unattended_upgrade_tool[]=${UNATTENDED_UPGRADES_TOOL}"
- fi
- if [ -f "${ROOTDIR}sbin/yum-cron" ]; then
- UNATTENDED_UPGRADES_TOOL="yum-cron"
- UNATTENDED_UPGRADES_TOOLKIT=1
- LogText "Result: found ${UNATTENDED_UPGRADES_TOOL}"
- Report "unattended_upgrade_tool[]=${UNATTENDED_UPGRADES_TOOL}"
- fi
- if [ -f "${ROOTDIR}usr/bin/dnf-automatic" ]; then
- UNATTENDED_UPGRADES_TOOL="dnf-automatic"
- UNATTENDED_UPGRADES_TOOLKIT=1
- LogText "Result: found ${UNATTENDED_UPGRADES_TOOL}"
- Report "unattended_upgrade_tool[]=${UNATTENDED_UPGRADES_TOOL}"
- fi
- if [ -f "${ROOTDIR}usr/bin/unattended-upgrade" ]; then
- UNATTENDED_UPGRADES_TOOL="unattended-upgrade"
- UNATTENDED_UPGRADES_TOOLKIT=1
- LogText "Result: found ${UNATTENDED_UPGRADES_TOOL}"
- Report "unattended_upgrade_tool[]=${UNATTENDED_UPGRADES_TOOL}"
- fi
- ;;
- esac
+ fi
+ done
+
+ if [ $UNATTENDED_UPGRADES_OPTION_AVAILABLE -eq 1 ]; then
+ # Test available tools for Linux
+ if [ -f "${ROOTDIR}bin/auter" ]; then
+ UNATTENDED_UPGRADES_TOOL="auter"
+ UNATTENDED_UPGRADES_TOOLKIT=1
+ LogText "Result: found ${UNATTENDED_UPGRADES_TOOL}"
+ Report "unattended_upgrade_tool[]=${UNATTENDED_UPGRADES_TOOL}"
+ fi
+ if [ -f "${ROOTDIR}sbin/yum-cron" ]; then
+ UNATTENDED_UPGRADES_TOOL="yum-cron"
+ UNATTENDED_UPGRADES_TOOLKIT=1
+ LogText "Result: found ${UNATTENDED_UPGRADES_TOOL}"
+ Report "unattended_upgrade_tool[]=${UNATTENDED_UPGRADES_TOOL}"
+ fi
+ if [ -f "${ROOTDIR}usr/bin/dnf-automatic" ]; then
+ UNATTENDED_UPGRADES_TOOL="dnf-automatic"
+ UNATTENDED_UPGRADES_TOOLKIT=1
+ LogText "Result: found ${UNATTENDED_UPGRADES_TOOL}"
+ Report "unattended_upgrade_tool[]=${UNATTENDED_UPGRADES_TOOL}"
+ fi
+ if [ -f "${ROOTDIR}usr/bin/unattended-upgrade" ]; then
+ UNATTENDED_UPGRADES_TOOL="unattended-upgrade"
+ UNATTENDED_UPGRADES_TOOLKIT=1
+ LogText "Result: found ${UNATTENDED_UPGRADES_TOOL}"
+ Report "unattended_upgrade_tool[]=${UNATTENDED_UPGRADES_TOOL}"
+ fi
+ fi
 ;;
 esac
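Review bot: `if [ $UNATTENDED_UPGRADES_OPTION_AVAILABLE -eq 1 ]` expands the variable unquoted and without a default, and the only assignment visible in the hunk happens inside the `for` loop on a match. Unless the variable is initialised to 0 above the hunk, the test becomes `[ -eq 1 ]` on every non-matching distribution and raises a shell error instead of cleanly skipping the tool detection. Write it as `if [ "${UNATTENDED_UPGRADES_OPTION_AVAILABLE:-0}" -eq 1 ]; then`, which also matches the `${VAR}` style used on the surrounding lines. The loop could `break` after the first match, and the enclosing `case "${OS}"` starts outside the hunk.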