tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-31 01:34:23 +02:00
Code Issues Packages Projects Releases Wiki Activity

New single user mode test for systemd, improvements for FreeBSD and better detection of init process on Linux

Browse Source
This commit is contained in:
mboelen 2014-12-09 18:11:21 +01:00
parent fb1bdbeaf4
commit c7a242a020
1 changed files with 41 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
include/tests_boot_services
View File

@ -64,10 +64,11 @@
case ${OS} in case ${OS} in
"Linux") "Linux")
if [ -f /proc/1/cmdline ]; then if [ -f /proc/1/cmdline ]; then
FILE=`cat /proc/1/cmdline` FILE=`cat /proc/1/cmdline | grep "^/" | awk '{ print $1 }'`
if [ -L ${FILE} ]; then if [ ! "${FILE}" = "" ]; then
ShowSymlinkPath ${FILE} if [ -L ${FILE} ]; then
if [ -f ${sFILE} ]; then ShowSymlinkPath ${FILE}
if [ -f ${sFILE} ]; then
SHORTNAME=`echo ${sFILE} | awk -F/ '{ print $NF }'` SHORTNAME=`echo ${sFILE} | awk -F/ '{ print $NF }'`
case ${SHORTNAME} in case ${SHORTNAME} in
upstart) upstart)
@ -82,12 +83,15 @@
esac esac
else else
logtext "Result: Could not find linked file ${sFILE}" logtext "Result: Could not find linked file ${sFILE}"
fi
else
FIND=`echo ${FILE} | grep "/systemd"`
if [ ! "${FIND}" = "" ]; then
SERVICE_MANAGER="systemd"
fi
fi fi
else else
FIND=`echo ${FILE} | grep "/systemd"` logtext "Result: /proc/1/cmdline does not link to a binary on disk"
if [ ! "${FIND}" = "" ]; then
SERVICE_MANAGER="systemd"
fi
fi fi
fi fi
# Continue testing if we didn't find it yet # Continue testing if we didn't find it yet
@ -634,7 +638,7 @@
fi fi
;; ;;
DragonFly|MacOS) DragonFly|FreeBSD|MacOS)
if [ ! "${SYSCTLBINARY}" = "" ]; then if [ ! "${SYSCTLBINARY}" = "" ]; then
FIND=`${SYSCTLBINARY} kern.boottime | awk '{ print $5 }' | sed -e 's/,//' | grep "[0-9]"` FIND=`${SYSCTLBINARY} kern.boottime | awk '{ print $5 }' | sed -e 's/,//' | grep "[0-9]"`
else else
@ -690,6 +694,34 @@
# #
################################################################################# #################################################################################
# #
# Test : BOOT-5260
# Description : Check single user mode for systemd
Register --test-no BOOT-5260 --weight L --network NO --description "Check single user mode for systemd"
if [ ${SKIPTEST} -eq 0 ]; then
# Check if file exists
logtext "Test: Searching /usr/lib/systemd/system/rescue.service"
if [ -f /usr/lib/systemd/system/rescue.service ]; then
logtext "Result: file /usr/lib/systemd/system/rescue.service"
logtext "Test: checking presence sulogin for single user mode"
FIND=`grep "^ExecStart=-/sbin/sulogin" /usr/lib/systemd/system/rescue.service`
if [ ! "${FIND}" = "" ]; then
FOUND=1
logtext "Result: found sulogin, so single user is protected"
AddHP 3 3
else
logtext "Result: did not find sulogin in rescue.service"
AddHP 1 3
Display --indent 2 --text "- Checking sulogin in rescue.service" --result "NOT FOUND" --color YELLOW
ReportSuggestion "Protect rescue.service by using sulogin"
fi
else
logtext "Result: file /usr/lib/systemd/system/rescue.service does not exist"
fi
fi
#
#################################################################################
#
report "boot_loader=${BOOT_LOADER}" report "boot_loader=${BOOT_LOADER}"
report "service_manager=${SERVICE_MANAGER}" report "service_manager=${SERVICE_MANAGER}"