tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Only check empty binaries when we did a full scan, as for some commands the binary scanning is not performed

This commit is contained in:
Michael Boelen 2019-07-05 18:37:10 +02:00
parent 8d4fd1a7aa
commit c639cb4f6e
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
1 changed files with 25 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
include/binaries
View File

@ -279,6 +279,7 @@
LogText "Result: Directory ${SCANDIR} does NOT exist" LogText "Result: Directory ${SCANDIR} does NOT exist"
fi fi
done done
# unset SORTED_BIN_PATHS # unset SORTED_BIN_PATHS
BINARY_SCAN_FINISHED=1 BINARY_SCAN_FINISHED=1
BINARY_PATHS_FOUND=$(echo ${BINARY_PATHS_FOUND} | sed 's/^, //g' | sed 's/ //g') BINARY_PATHS_FOUND=$(echo ${BINARY_PATHS_FOUND} | sed 's/^, //g' | sed 's/ //g')
@ -286,31 +287,34 @@
LogText "Result: found ${COUNT} binaries" LogText "Result: found ${COUNT} binaries"
Report "binaries_count=${COUNT}" Report "binaries_count=${COUNT}"
Report "binary_paths=${BINARY_PATHS_FOUND}" Report "binary_paths=${BINARY_PATHS_FOUND}"
# Test if the basic system tools are defined. These will be used during the audit.
[ "${AWKBINARY:-}" ] || ExitFatal "awk binary not found"
[ "${CUTBINARY:-}" ] || ExitFatal "cut binary not found"
[ "${EGREPBINARY:-}" ] || ExitFatal "grep binary not found"
[ "${FINDBINARY:-}" ] || ExitFatal "find binary not found"
[ "${GREPBINARY:-}" ] || ExitFatal "grep binary not found"
[ "${HEADBINARY:-}" ] || ExitFatal "head binary not found"
[ "${LSBINARY:-}" ] || ExitFatal "ls binary not found"
[ "${PSBINARY:-}" ] || ExitFatal "ps binary not found"
[ "${SEDBINARY:-}" ] || ExitFatal "sed binary not found"
[ "${SORTBINARY:-}" ] || ExitFatal "sort binary not found"
[ "${TRBINARY:-}" ] || ExitFatal "tr binary not found"
[ "${UNIQBINARY:-}" ] || ExitFatal "uniq binary not found"
[ "${WCBINARY:-}" ] || ExitFatal "wc binary not found"
# Test a few other tools that we did not specifically define (yet)
TOOLS="xxd"
for T in ${TOOLS}; do
DATA=$(type ${T})
if [ $? -gt 0 ]; then ExitFatal "${T} binary not found"; fi
done
else else
LogText "Result: checking of binaries skipped in this mode" LogText "Result: checking of binaries skipped in this mode"
fi fi
# Test if the basic system tools are defined. These will be used during the audit.
[ "${AWKBINARY:-}" ] || ExitFatal "awk binary not found"
[ "${CUTBINARY:-}" ] || ExitFatal "cut binary not found"
[ "${EGREPBINARY:-}" ] || ExitFatal "grep binary not found"
[ "${FINDBINARY:-}" ] || ExitFatal "find binary not found"
[ "${GREPBINARY:-}" ] || ExitFatal "grep binary not found"
[ "${HEADBINARY:-}" ] || ExitFatal "head binary not found"
[ "${LSBINARY:-}" ] || ExitFatal "ls binary not found"
[ "${PSBINARY:-}" ] || ExitFatal "ps binary not found"
[ "${SEDBINARY:-}" ] || ExitFatal "sed binary not found"
[ "${SORTBINARY:-}" ] || ExitFatal "sort binary not found"
[ "${TRBINARY:-}" ] || ExitFatal "tr binary not found"
[ "${UNIQBINARY:-}" ] || ExitFatal "uniq binary not found"
[ "${WCBINARY:-}" ] || ExitFatal "wc binary not found"
# Test a few other tools that we did not specifically define (yet)
TOOLS="xxd"
for T in ${TOOLS}; do
DATA=$(type ${T})
if [ $? -gt 0 ]; then ExitFatal "${T} binary not found"; fi
done
# #
#================================================================================ #================================================================================