tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-23 22:04:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Change permissions check to enable a non-privileged scan

Browse Source
This commit is contained in:
mboelen 2014-09-08 14:17:53 +02:00
parent fe08018029
commit c5b9e186e2
1 changed files with 33 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
lynis
View File

@ -5,8 +5,8 @@
# Lynis # Lynis
# ------------------ # ------------------
# #
# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands # Copyright 2007-2014, Michael Boelen (michael.boelen@cisofy.com), The Netherlands
# Web site: http://www.rootkit.nl # Web site: http://www.cisofy.com
# #
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are # Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License. # welcome to redistribute it under the terms of the GNU General Public License.
@ -20,10 +20,10 @@
# #
# Program information # Program information
PROGRAM_name="Lynis" PROGRAM_name="Lynis"
PROGRAM_version="1.6.0" PROGRAM_version="1.6.1"
PROGRAM_releasedate="27 August 2014" PROGRAM_releasedate="8 September 2014"
PROGRAM_author="Michael Boelen" PROGRAM_author="Michael Boelen"
PROGRAM_author_contact="michael@cisofy.com" PROGRAM_author_contact="michael.boelen@cisofy.com"
PROGRAM_website="http://cisofy.com" PROGRAM_website="http://cisofy.com"
PROGRAM_copyright="Copyright 2007-2014 - ${PROGRAM_author}, ${PROGRAM_website}" PROGRAM_copyright="Copyright 2007-2014 - ${PROGRAM_author}, ${PROGRAM_website}"
PROGRAM_license="${PROGRAM_name} comes with ABSOLUTELY NO WARRANTY. This is free software, and you are PROGRAM_license="${PROGRAM_name} comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
@ -32,7 +32,7 @@
PROGRAM_extrainfo="Enterprise support and plugins available via CISOfy - http://cisofy.com" PROGRAM_extrainfo="Enterprise support and plugins available via CISOfy - http://cisofy.com"
# Release version (beta or final) # Release version (beta or final)
PROGRAM_releasetype="final" PROGRAM_releasetype="beta"
# Version number of report files (when format changes in future) # Version number of report files (when format changes in future)
REPORT_version_major="1"; REPORT_version_minor="0" REPORT_version_major="1"; REPORT_version_minor="0"
REPORT_version="${REPORT_version_major}.${REPORT_version_minor}" REPORT_version="${REPORT_version_major}.${REPORT_version_minor}"
@ -71,13 +71,6 @@
else else
MYID=`id -u` MYID=`id -u`
fi fi
if [ ! ${MYID} -eq 0 ]; then
echo ""; echo ""; echo "Fatal error: Lynis can not be executed with this user ID."
echo ""
echo " * You have to be root (or equivalent) to perform an audit. Please su(do) and try again."
echo ""; echo ""
exit 1
fi
# #
################################################################################# #################################################################################
# #
@ -104,12 +97,12 @@
if [ ! "${PERMS2}" = "r--------" -a ! "${PERMS2}" = "rw-------" ]; then if [ ! "${PERMS2}" = "r--------" -a ! "${PERMS2}" = "rw-------" ]; then
ISSUE=1; echo "[!] Change file permissions of ${INCLUDEDIR}/functions to 600." ISSUE=1; echo "[!] Change file permissions of ${INCLUDEDIR}/functions to 600."
fi fi
# Check if owner of both files is root user # Check if owner of both files is root user, or the same user which is running Lynis (for pentester mode)
if [ ! "${OWNER}" = "root" -a ! "${OWNERID}" = "0" ]; then if [ ! "${OWNER}" = "root" -a ! "${OWNERID}" = "0" -a ! "${MYID}" = "${OWNER2ID}" ]; then
ISSUE=1; echo "[!] Change ownership of ${INCLUDEDIR}/consts to 'root' or similar (found: ${OWNER} with UID ${OWNERID})." ISSUE=1; echo "[!] Change ownership of ${INCLUDEDIR}/consts to 'root' or similar (found: ${OWNER} with UID ${OWNERID})."
fi fi
# Check if owner of both files is root user # Check if owner of both files is root user, or the same user which is running Lynis (for pentester mode)
if [ ! "${OWNER2}" = "root" -a ! "${OWNER2ID}" = "0" ]; then if [ ! "${OWNER2}" = "root" -a ! "${OWNER2ID}" = "0" -a ! "${MYID}" = "${OWNER2ID}" ]; then
ISSUE=1; echo "[!] Change ownership of ${INCLUDEDIR}/functions to 'root' or similar (found: ${OWNER2} with UID ${OWNER2ID})." ISSUE=1; echo "[!] Change ownership of ${INCLUDEDIR}/functions to 'root' or similar (found: ${OWNER2} with UID ${OWNER2ID})."
fi fi
@ -142,6 +135,29 @@
# Drop out on unintialised variables / fatal errors # Drop out on unintialised variables / fatal errors
#set -u #set -u
# #
#
#################################################################################
#
# Parameter checks
#
#################################################################################
#
SafePerms ${INCLUDEDIR}/parameters
. ${INCLUDEDIR}/parameters
# Now determine if we are root (UID 0), unless using pentesting mode
if [ ! ${MYID} -eq 0 -a ${PENTESTINGMODE} -eq 0 ]; then
echo ""; echo ""; echo "Fatal error: Lynis can not be executed with this user ID."
echo ""
echo " * You have to be root (or equivalent) to perform an audit."
echo ""
echo " How to solve:"
echo " - Option 1: su(do) and try again as root user"
echo " - Option 2: run Lynis in pentest mode (not preferred for normal audits)"
echo ""; echo ""
exit 1
fi
#
################################################################################# #################################################################################
# #
# Plugins # Plugins
@ -169,16 +185,6 @@
# #
################################################################################# #################################################################################
# #
# Parameter checks
#
#################################################################################
#
SafePerms ${INCLUDEDIR}/parameters
. ${INCLUDEDIR}/parameters
#
#################################################################################
#
# Program information # Program information
# #
################################################################################# #################################################################################