mirror of
https://github.com/CISOfy/lynis.git
synced 2025-07-31 01:34:23 +02:00
New single user mode test for systemd, improvements for FreeBSD and better detection of init process on Linux
parent
fb1bdbeaf4
commit
c7a242a020
@ -64,10 +64,11 @@
|
|||||||
case ${OS} in
|
case ${OS} in
|
||||||
"Linux")
|
"Linux")
|
||||||
if [ -f /proc/1/cmdline ]; then
|
if [ -f /proc/1/cmdline ]; then
|
||||||
FILE=`cat /proc/1/cmdline`
|
FILE=`cat /proc/1/cmdline | grep "^/" | awk '{ print $1 }'`
|
||||||
if [ -L ${FILE} ]; then
|
if [ ! "${FILE}" = "" ]; then
|
||||||
ShowSymlinkPath ${FILE}
|
if [ -L ${FILE} ]; then
|
||||||
if [ -f ${sFILE} ]; then
|
ShowSymlinkPath ${FILE}
|
||||||
|
if [ -f ${sFILE} ]; then
|
||||||
SHORTNAME=`echo ${sFILE} | awk -F/ '{ print $NF }'`
|
SHORTNAME=`echo ${sFILE} | awk -F/ '{ print $NF }'`
|
||||||
case ${SHORTNAME} in
|
case ${SHORTNAME} in
|
||||||
upstart)
|
upstart)
|
||||||
@ -82,12 +83,15 @@
|
|||||||
esac
|
esac
|
||||||
else
|
else
|
||||||
logtext "Result: Could not find linked file ${sFILE}"
|
logtext "Result: Could not find linked file ${sFILE}"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
FIND=`echo ${FILE} | grep "/systemd"`
|
||||||
|
if [ ! "${FIND}" = "" ]; then
|
||||||
|
SERVICE_MANAGER="systemd"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
FIND=`echo ${FILE} | grep "/systemd"`
|
logtext "Result: /proc/1/cmdline does not link to a binary on disk"
|
||||||
if [ ! "${FIND}" = "" ]; then
|
|
||||||
SERVICE_MANAGER="systemd"
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
# Continue testing if we didn't find it yet
|
# Continue testing if we didn't find it yet
|
||||||
@ -634,7 +638,7 @@
|
|||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
|
|
||||||
DragonFly|MacOS)
|
DragonFly|FreeBSD|MacOS)
|
||||||
if [ ! "${SYSCTLBINARY}" = "" ]; then
|
if [ ! "${SYSCTLBINARY}" = "" ]; then
|
||||||
FIND=`${SYSCTLBINARY} kern.boottime | awk '{ print $5 }' | sed -e 's/,//' | grep "[0-9]"`
|
FIND=`${SYSCTLBINARY} kern.boottime | awk '{ print $5 }' | sed -e 's/,//' | grep "[0-9]"`
|
||||||
else
|
else
|
||||||
@ -690,6 +694,34 @@
|
|||||||
#
|
#
|
||||||
#################################################################################
|
#################################################################################
|
||||||
#
|
#
|
||||||
|
# Test : BOOT-5260
|
||||||
|
# Description : Check single user mode for systemd
|
||||||
|
Register --test-no BOOT-5260 --weight L --network NO --description "Check single user mode for systemd"
|
||||||
|
if [ ${SKIPTEST} -eq 0 ]; then
|
||||||
|
# Check if file exists
|
||||||
|
logtext "Test: Searching /usr/lib/systemd/system/rescue.service"
|
||||||
|
if [ -f /usr/lib/systemd/system/rescue.service ]; then
|
||||||
|
logtext "Result: file /usr/lib/systemd/system/rescue.service"
|
||||||
|
logtext "Test: checking presence sulogin for single user mode"
|
||||||
|
FIND=`grep "^ExecStart=-/sbin/sulogin" /usr/lib/systemd/system/rescue.service`
|
||||||
|
if [ ! "${FIND}" = "" ]; then
|
||||||
|
FOUND=1
|
||||||
|
logtext "Result: found sulogin, so single user is protected"
|
||||||
|
AddHP 3 3
|
||||||
|
else
|
||||||
|
logtext "Result: did not find sulogin in rescue.service"
|
||||||
|
AddHP 1 3
|
||||||
|
Display --indent 2 --text "- Checking sulogin in rescue.service" --result "NOT FOUND" --color YELLOW
|
||||||
|
ReportSuggestion "Protect rescue.service by using sulogin"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
logtext "Result: file /usr/lib/systemd/system/rescue.service does not exist"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
#
|
||||||
|
#################################################################################
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
report "boot_loader=${BOOT_LOADER}"
|
report "boot_loader=${BOOT_LOADER}"
|
||||||
report "service_manager=${SERVICE_MANAGER}"
|
report "service_manager=${SERVICE_MANAGER}"
|
||||||
|
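Review bot: BOOT-5260 reads only /usr/lib/systemd/system/rescue.service, so `found sulogin, so single user is protected` and `AddHP 3 3` can be awarded while a copy in /etc/systemd/system (which systemd prefers over the vendor unit) or a drop-in replaces ExecStart with an unauthenticated shell. The anchored pattern `^ExecStart=-/sbin/sulogin` is also likely to miss units that start sulogin from another path or through a wrapper, which would give a false NOT FOUND and an unwarranted suggestion. I would select the first existing unit in systemd's lookup order and match sulogin anywhere on the ExecStart line, as sketched below. Drop-in directories (rescue.service.d) are not covered by the sketch, and the success branch still has no `Display` line, so only the failing case shows on screen.

```shell
        # First existing unit wins; systemd prefers /etc over the vendor directories
        RESCUE_UNIT=""
        for I in /etc/systemd/system /usr/lib/systemd/system /lib/systemd/system; do
            if [ "${RESCUE_UNIT}" = "" ]; then
                if [ -f ${I}/rescue.service ]; then RESCUE_UNIT="${I}/rescue.service"; fi
            fi
        done
        if [ ! "${RESCUE_UNIT}" = "" ]; then
            logtext "Result: found unit file ${RESCUE_UNIT}"
            FIND=`grep "^ExecStart=.*sulogin" ${RESCUE_UNIT}`
            # ... unchanged: FOUND / AddHP / Display / ReportSuggestion branches ...
        else
            logtext "Result: no rescue.service unit file found"
        fi
```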