tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allow multiple profiles

This commit is contained in:
mboelen 2016-04-07 16:24:11 +02:00
parent 78167f37f2
commit c7c400f038
1 changed files with 32 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
lynis
View File

@ -32,8 +32,9 @@
PROGRAM_AUTHOR_CONTACT="lynis-dev@cisofy.com" PROGRAM_AUTHOR_CONTACT="lynis-dev@cisofy.com"
# Version details # Version details
PROGRAM_RELEASEDATE="2016-04-04" PROGRAM_RELEASE_DATE="2016-04-07"
PROGRAM_RELEASE_TIMESTAMP=1459768802 PROGRAM_RELEASE_TIMESTAMP=1459768802
PROGRAM_RELEASETYPE="dev" # dev or final
PROGRAM_VERSION="2.2.1" PROGRAM_VERSION="2.2.1"
# Source, documentation and license # Source, documentation and license
@ -45,9 +46,6 @@
See the LICENSE file for details about using this software." See the LICENSE file for details about using this software."
PROGRAM_EXTRAINFO="Enterprise support and plugins available via CISOfy" PROGRAM_EXTRAINFO="Enterprise support and plugins available via CISOfy"
# Release version (beta or final)
PROGRAM_RELEASETYPE="final"
# Version number of report files (when format changes in future) # Version number of report files (when format changes in future)
REPORT_version_major="1"; REPORT_version_minor="0" REPORT_version_major="1"; REPORT_version_minor="0"
REPORT_version="${REPORT_version_major}.${REPORT_version_minor}" REPORT_version="${REPORT_version_major}.${REPORT_version_minor}"
@ -278,27 +276,35 @@ ${NORMAL}
# #
InsertSection "Initializing program" InsertSection "Initializing program"
# Try to find a default profile file, if none is specified # Try to find a default and custom profile, unless one was specified manually
if [ "${PROFILE}" = "" ]; then if [ "${PROFILE}" = "" ]; then
tPROFILE_TARGETS="/usr/local/etc/lynis/default.prf /etc/lynis/default.prf /usr/local/lynis/default.prf ./default.prf" tPROFILE_NAMES="default.prf custom.prf"
for I in ${tPROFILE_TARGETS}; do tPROFILE_TARGETS="/usr/local/etc/lynis /etc/lynis /usr/local/lynis ."
if [ -f ${I} ]; then PROFILE=${I}; fi for PNAME in ${tPROFILE_NAMES}; do
for PLOC in ${tPROFILE_TARGETS}; do
FILE="${PLOC}/${PNAME}"
if [ -r ${FILE} ]; then
PROFILE=${FILE}
PROFILES="${PROFILES} ${PROFILE}"
fi
done
done done
fi fi
if [ "${PROFILE}" = "" ]; then if [ "${PROFILES}" = "" ]; then
echo "${RED}Fatal error: ${WHITE}No profile defined and could not find default profile${NORMAL}" echo "${RED}Fatal error: ${WHITE}No profile defined and could not find default profile${NORMAL}"
echo "Search paths used --> ${tPROFILE_TARGETS}" echo "Search paths used --> ${tPROFILE_TARGETS}"
ExitCustom 66 ExitCustom 66
else
PROFILES=`echo ${PROFILES} | sed 's/^ //'`
fi fi
if [ ${SHOW_SETTINGS_FILE} -eq 1 ]; then if [ ${SHOW_SETTINGS_FILE} -eq 1 ]; then
echo "Settings file: ${PROFILE}" echo "Settings file(s): ${PROFILES}"
echo ""; echo "" echo ""; echo ""
ExitClean ExitClean
fi fi
# Initialize and check profile file, auditor name, log file and report file # Initialize and check profile file, auditor name, log file and report file
if [ ! -r ${PROFILE} ]; then echo "Fatal error: Can't open profile file (${PROFILE})"; exit 1; fi
if [ "${AUDITORNAME}" = "" ]; then AUDITORNAME="[Unknown]"; fi if [ "${AUDITORNAME}" = "" ]; then AUDITORNAME="[Unknown]"; fi
if [ "${LOGFILE}" = "" ]; then LOGFILE="/var/log/lynis.log"; fi if [ "${LOGFILE}" = "" ]; then LOGFILE="/var/log/lynis.log"; fi
if [ "${REPORTFILE}" = "" ]; then REPORTFILE="/var/log/lynis-report.dat"; fi if [ "${REPORTFILE}" = "" ]; then REPORTFILE="/var/log/lynis-report.dat"; fi
@ -485,7 +491,7 @@ ${NORMAL}
################################################################################# #################################################################################
# #
# Clear log file and test if it's writable # Clear log file and test if it's writable
echo "### Starting ${PROGRAM_NAME} ${PROGRAM_VERSION} with PID ${OURPID}, build date ${PROGRAM_RELEASEDATE} ###" > ${LOGFILE} echo "### Starting ${PROGRAM_NAME} ${PROGRAM_VERSION} with PID ${OURPID}, build date ${PROGRAM_RELEASE_DATE} ###" > ${LOGFILE}
if [ $? -gt 0 ]; then if [ $? -gt 0 ]; then
Display --indent 2 --text "- Clearing log file (${LOGFILE})... " --result WARNING --color RED Display --indent 2 --text "- Clearing log file (${LOGFILE})... " --result WARNING --color RED
echo "${WARNING}Fatal error${NORMAL}: problem while writing to log file. Check location and permissions." echo "${WARNING}Fatal error${NORMAL}: problem while writing to log file. Check location and permissions."
@ -534,7 +540,7 @@ ${NORMAL}
echo " Hardware platform: ${HARDWARE}" echo " Hardware platform: ${HARDWARE}"
echo " Hostname: ${HOSTNAME}" echo " Hostname: ${HOSTNAME}"
echo " Auditor: ${AUDITORNAME}" echo " Auditor: ${AUDITORNAME}"
echo " Profile: ${PROFILE}" echo " Profiles: ${PROFILES}"
echo " Log file: ${LOGFILE}" echo " Log file: ${LOGFILE}"
echo " Report file: ${REPORTFILE}" echo " Report file: ${REPORTFILE}"
echo " Report version: ${REPORT_version}" echo " Report version: ${REPORT_version}"
@ -555,7 +561,7 @@ ${NORMAL}
logtext "-----------------------------------------------------" logtext "-----------------------------------------------------"
logtext "Hostname: ${HOSTNAME}" logtext "Hostname: ${HOSTNAME}"
logtext "Auditor: ${AUDITORNAME}" logtext "Auditor: ${AUDITORNAME}"
logtext "Profile: ${PROFILE}" logtext "Profiles: ${PROFILES}"
logtext "Include directory: ${INCLUDEDIR}" logtext "Include directory: ${INCLUDEDIR}"
logtext "Plugin directory: ${PLUGINDIR}" logtext "Plugin directory: ${PLUGINDIR}"
logtext "-----------------------------------------------------" logtext "-----------------------------------------------------"
@ -728,9 +734,18 @@ ${NORMAL}
FIND2=`grep "^# PLUGIN_NAME=" ${PLUGIN_FILE} | awk -F= '{ print $2 }'` FIND2=`grep "^# PLUGIN_NAME=" ${PLUGIN_FILE} | awk -F= '{ print $2 }'`
if [ ! "${FIND2}" = "" -a ! "${FIND2}" = "[plugin_name]" ]; then if [ ! "${FIND2}" = "" -a ! "${FIND2}" = "[plugin_name]" ]; then
if [ ${PLUGIN_PHASE} -eq 1 ]; then N_PLUGIN=`expr ${N_PLUGIN} + 1`; fi if [ ${PLUGIN_PHASE} -eq 1 ]; then N_PLUGIN=`expr ${N_PLUGIN} + 1`; fi
# Check if the plugin is enabled in any of the profiles
PLUGIN_ENABLED_STATE=0
for PROFILE in ${PROFILES}; do
logtext "Action: checking plugin status in profile: ${PROFILE}"
FIND3=`grep "^plugin=${FIND2}" ${PROFILE}` FIND3=`grep "^plugin=${FIND2}" ${PROFILE}`
if [ ! "${FIND3}" = "" ]; then if [ ! "${FIND3}" = "" ]; then
logtext "Plugin ${FIND2} is enabled" logtext "Result: plugin enabled in profile (${PROFILE})"
PLUGIN_ENABLED_STATE=1
fi
done
if [ ${PLUGIN_ENABLED_STATE} -eq 1 ]; then
logtext "Result: plugin ${FIND2} is enabled"
# Plugins should have at least a _phase1 part, _phase2 is optional at this moment # Plugins should have at least a _phase1 part, _phase2 is optional at this moment
PLUGINFILE="${PLUGINDIR}/plugin_${FIND2}_phase${PLUGIN_PHASE}" PLUGINFILE="${PLUGINDIR}/plugin_${FIND2}_phase${PLUGIN_PHASE}"
if [ -f ${PLUGINFILE} ]; then if [ -f ${PLUGINFILE} ]; then