tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-29 00:34:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1062 from Varbin/solaris-loghost-not-localhost

Browse Source 
Test if loghost is not localhost
This commit is contained in:
Michael Boelen 2020-12-17 14:18:31 +01:00 committed by GitHub
commit c9a57d2caf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 32 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
db/tests.db
View File

@ -230,6 +230,7 @@ LOGG-2146:test:security:logging::Checking logrotate.conf and logrotate.d:
LOGG-2148:test:security:logging::Checking logrotated files: LOGG-2148:test:security:logging::Checking logrotated files:
LOGG-2150:test:security:logging::Checking directories in logrotate configuration: LOGG-2150:test:security:logging::Checking directories in logrotate configuration:
LOGG-2152:test:security:logging::Checking loghost: LOGG-2152:test:security:logging::Checking loghost:
LOGG-2153:test:security:logging::Checking loghost is not localhost:
LOGG-2154:test:security:logging::Checking syslog configuration file: LOGG-2154:test:security:logging::Checking syslog configuration file:
LOGG-2160:test:security:logging::Checking /etc/newsyslog.conf: LOGG-2160:test:security:logging::Checking /etc/newsyslog.conf:
LOGG-2162:test:security:logging::Checking directories in /etc/newsyslog.conf: LOGG-2162:test:security:logging::Checking directories in /etc/newsyslog.conf:

33
include/tests_logging
View File

@ -28,7 +28,9 @@
METALOG_RUNNING=0 METALOG_RUNNING=0
RFC3195D_RUNNING=0 RFC3195D_RUNNING=0
RSYSLOG_RUNNING=0 RSYSLOG_RUNNING=0
SOLARIS_LOGHOST=""
SOLARIS_LOGHOST_FOUND=0 SOLARIS_LOGHOST_FOUND=0
SOLARIS_LOGHOST_LOCALHOST=0
SYSLOG_DAEMON_PRESENT=0 SYSLOG_DAEMON_PRESENT=0
SYSLOG_DAEMON_RUNNING=0 SYSLOG_DAEMON_RUNNING=0
SYSLOG_NG_RUNNING=0 SYSLOG_NG_RUNNING=0
@ -305,6 +307,7 @@
LogText "Result: Checking for loghost in /etc/inet/hosts" LogText "Result: Checking for loghost in /etc/inet/hosts"
FIND=$(${GREPBINARY} loghost /etc/inet/hosts | ${GREPBINARY} -v "^#") FIND=$(${GREPBINARY} loghost /etc/inet/hosts | ${GREPBINARY} -v "^#")
if [ -n "${FIND}" ]; then if [ -n "${FIND}" ]; then
SOLARIS_LOGHOST="${FIND}"
SOLARIS_LOGHOST_FOUND=1 SOLARIS_LOGHOST_FOUND=1
LogText "Result: Found loghost entry in /etc/inet/hosts" LogText "Result: Found loghost entry in /etc/inet/hosts"
else else
@ -314,6 +317,7 @@
LogText "Result: Checking for loghost via name resolving" LogText "Result: Checking for loghost via name resolving"
FIND=$(getent hosts loghost | ${GREPBINARY} loghost) FIND=$(getent hosts loghost | ${GREPBINARY} loghost)
if [ -n "${FIND}" ]; then if [ -n "${FIND}" ]; then
SOLARIS_LOGHOST="${FIND"
SOLARIS_LOGHOST_FOUND=1 SOLARIS_LOGHOST_FOUND=1
LogText "Result: name resolving was successful" LogText "Result: name resolving was successful"
LogText "Output: ${FIND}" LogText "Output: ${FIND}"
@ -334,6 +338,26 @@
fi fi
# #
################################################################################# #################################################################################
#
# Test : LOGG-2153
# Description : Check Solaris 'loghost' entry is not localhost, meaning
# remote logging is not configured.
if [ ${SOLARIS_LOGHOST_FOUND} -eq 1 ] && [ -n "${SOLARIS_LOGHOST}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no LOGG-2153 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking loghost is localhost"
if [ ${SKIPTEST} -eq 0 ]; then
FIND=$(echo "${SOLARIS_LOGHOST}" | ${AWKBINARY} '{ print $1 }' | ${EGREPBINARY} "::1|127.0.0.1|127.1")
if [ -n "${FIND}" ]; then
SOLARIS_LOGHOST_LOCALHOST=1
LogText "Result: loghost entry is localhost (default)"
Display --indent 4 --text "- Checking loghost entry is localhost" --result "${STATUS_YES}" --color YELLOW
ReportSuggestion "${TEST_NO}" "Set loghost entry to a remote location to enable remote logging."
else
Display --indent 4 --text "- Checking loghost entry is localhost" --result "${STATUS_NO}" --color GREEN
fi
fi
#
#################################################################################
# #
# Test : LOGG-2154 # Test : LOGG-2154
# Description : Check to see if remote logging is enabled # Description : Check to see if remote logging is enabled
@ -402,8 +426,13 @@
LogText "Test: check if logs are also logged to a remote logging host" LogText "Test: check if logs are also logged to a remote logging host"
FIND=$(${EGREPBINARY} "@[a-zA-Z0-9]|destination\s.+(udp|tcp).+\sport" ${SYSLOGD_CONF} | ${GREPBINARY} -v "^#" | ${GREPBINARY} -v "[a-zA-Z0-9]@") FIND=$(${EGREPBINARY} "@[a-zA-Z0-9]|destination\s.+(udp|tcp).+\sport" ${SYSLOGD_CONF} | ${GREPBINARY} -v "^#" | ${GREPBINARY} -v "[a-zA-Z0-9]@")
if [ -n "${FIND}" ]; then if [ -n "${FIND}" ]; then
LogText "Result: remote logging enabled" FIND2=$(echo "${FIND}" | ${GREPBINARY} -v "@loghost")
REMOTE_LOGGING_ENABLED=1 if [ SOLARIS_LOGHOST_LOCALHOST -eq 1 ] && [ -z "${FIND2}" ]; then
LogText "Result: remote logging enabled to loghost, but loghost is localhost"
else
LogText "Result: remote logging enabled"
REMOTE_LOGGING_ENABLED=1
fi
else else
# Search for configured destinations with an IP address or hostname, then determine which ones are used as a log destination # Search for configured destinations with an IP address or hostname, then determine which ones are used as a log destination
DESTINATIONS=$(${GREPBINARY} "^destination" ${SYSLOGD_CONF} | ${EGREPBINARY} "(udp|tcp)" | ${GREPBINARY} "port" | ${AWKBINARY} '{print $2}') DESTINATIONS=$(${GREPBINARY} "^destination" ${SYSLOGD_CONF} | ${EGREPBINARY} "(udp|tcp)" | ${GREPBINARY} "port" | ${AWKBINARY} '{print $2}')