mirror of https://github.com/CISOfy/lynis.git
Clean ups and added hints for contributions
This commit is contained in:
Michael Boelen
parent
5db9d4a4e0
commit
d6ceeaa11f
|
|
@ -95,7 +95,7 @@
|
||||||
Display --indent 2 --text "- Checking LVM volume groups" --result FOUND --color GREEN
|
Display --indent 2 --text "- Checking LVM volume groups" --result FOUND --color GREEN
|
||||||
else
|
else
|
||||||
LogText "Result: no LVM volume groups found"
|
LogText "Result: no LVM volume groups found"
|
||||||
Display --indent 2 --text "- Checking LVM volume groups" --result NONE --color WHITE
|
if IsVerbose; then Display --indent 2 --text "- Checking LVM volume groups" --result NONE --color WHITE; fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
#
|
#
|
||||||
|
|
@ -172,7 +172,7 @@
|
||||||
LogText "Test: Query /etc/fstab for available FFS/UFS mount points"
|
LogText "Test: Query /etc/fstab for available FFS/UFS mount points"
|
||||||
FIND=`awk '{ if ($3 == "ufs" || $3 == "ffs" ) { print $1":"$2":"$3":"$4":" }}' /etc/fstab`
|
FIND=`awk '{ if ($3 == "ufs" || $3 == "ffs" ) { print $1":"$2":"$3":"$4":" }}' /etc/fstab`
|
||||||
if [ "${FIND}" = "" ]; then
|
if [ "${FIND}" = "" ]; then
|
||||||
Display --indent 2 --text "- Querying FFS/UFS mount points (fstab)" --result NONE --color WHITE
|
if IsVerbose; then Display --indent 2 --text "- Querying FFS/UFS mount points (fstab)" --result NONE --color WHITE; fi
|
||||||
LogText "Result: unable to find any single mount point (FFS/UFS)"
|
LogText "Result: unable to find any single mount point (FFS/UFS)"
|
||||||
else
|
else
|
||||||
Display --indent 2 --text "- Querying FFS/UFS mount points (fstab)" --result FOUND --color GREEN
|
Display --indent 2 --text "- Querying FFS/UFS mount points (fstab)" --result FOUND --color GREEN
|
||||||
|
|
@ -320,42 +320,6 @@
|
||||||
fi
|
fi
|
||||||
#
|
#
|
||||||
#################################################################################
|
#################################################################################
|
||||||
#
|
|
||||||
# Test: scan the skel directory for bad permissions
|
|
||||||
# Reason: bad permissions on these files will give new created users the same permissions
|
|
||||||
#YYY enable skel test
|
|
||||||
# Several differences between operating systems are present
|
|
||||||
#SKELDIRS="/etc/skel /usr/share/skel"
|
|
||||||
|
|
||||||
#for I in ${SKELDIRS}; do
|
|
||||||
#
|
|
||||||
# LogText "Searching skel directory ${I}"
|
|
||||||
#
|
|
||||||
# if [ -d ${I} ]; then
|
|
||||||
# LogText "Result: Directory found, scanning for unsafe file permissions"
|
|
||||||
# FIND=`ls -A ${I} | wc -l | sed 's/ //g'`
|
|
||||||
# if [ ! "${FIND}" = "0" ]; then
|
|
||||||
# FIND=`find ${I} -type f -a \( -perm -004 -o -perm -002 -o -perm -001 \)`
|
|
||||||
# if [ "${FIND}" = "" ]; then
|
|
||||||
# Display --indent 2 --text "- Checking skel file permissions (${I})" --result OK --color GREEN
|
|
||||||
# LogText "Result: Directory seems to be ok, no files found with read/write/execute bit set."
|
|
||||||
# LogText "Status: OK"
|
|
||||||
# else
|
|
||||||
# Display --indent 2 --text "- Checking skel file permissions (${I})" --result WARNING --color RED
|
|
||||||
# LogText "Result: The following files do have non restrictive permissions: ${FIND}"
|
|
||||||
# ReportSuggestion ${TEST_NO} "Remove the read, write or execute bit from these files (chmod o-rwx)"
|
|
||||||
# fi
|
|
||||||
# else
|
|
||||||
# Display --indent 2 --text "- Checking skel file permissions (${I})" --result EMPTY --color WHITE
|
|
||||||
# LogText "Directory ${I} is empty, no scan performed"
|
|
||||||
# fi
|
|
||||||
# else
|
|
||||||
# Display --indent 2 --text "- Checking skel file permissions (${I})" --result "NOT FOUND" --color WHITE
|
|
||||||
# LogText "Result: Skel directory (${I}) not found"
|
|
||||||
# fi
|
|
||||||
#done
|
|
||||||
#
|
|
||||||
#################################################################################
|
|
||||||
#
|
#
|
||||||
# Test : FILE-6362
|
# Test : FILE-6362
|
||||||
# Description : Check for sticky bit on /tmp
|
# Description : Check for sticky bit on /tmp
|
||||||
|
|
@ -383,6 +347,9 @@
|
||||||
# Test : FILE-6366
|
# Test : FILE-6366
|
||||||
# Description : Check for noatime option
|
# Description : Check for noatime option
|
||||||
# More info : especially useful for profile 'desktop' and 'server-storage'
|
# More info : especially useful for profile 'desktop' and 'server-storage'
|
||||||
|
|
||||||
|
# Want to contribute to Lynis? Create this test
|
||||||
|
|
||||||
#
|
#
|
||||||
#################################################################################
|
#################################################################################
|
||||||
#
|
#
|
||||||
|
|
@ -547,9 +514,6 @@
|
||||||
#
|
#
|
||||||
# Test : FILE-6376
|
# Test : FILE-6376
|
||||||
# Description : Bind mount the /var/tmp directory to /tmp
|
# Description : Bind mount the /var/tmp directory to /tmp
|
||||||
#
|
|
||||||
#################################################################################
|
|
||||||
#
|
|
||||||
Register --test-no FILE-6376 --os Linux --weight L --network NO --description "Determine if /var/tmp is bound to /tmp"
|
Register --test-no FILE-6376 --os Linux --weight L --network NO --description "Determine if /var/tmp is bound to /tmp"
|
||||||
if [ ${SKIPTEST} -eq 0 ]; then
|
if [ ${SKIPTEST} -eq 0 ]; then
|
||||||
if [ -f /etc/fstab ]; then
|
if [ -f /etc/fstab ]; then
|
||||||
|
|
@ -575,27 +539,42 @@
|
||||||
#
|
#
|
||||||
# Test : FILE-6378
|
# Test : FILE-6378
|
||||||
# Description : Check for nodirtime option
|
# Description : Check for nodirtime option
|
||||||
|
|
||||||
|
# Want to contribute to Lynis? Create this test
|
||||||
|
|
||||||
#
|
#
|
||||||
#################################################################################
|
#################################################################################
|
||||||
#
|
#
|
||||||
# Test : FILE-6380
|
# Test : FILE-6380
|
||||||
# Description : Check for relatime
|
# Description : Check for relatime
|
||||||
|
|
||||||
|
# Want to contribute to Lynis? Create this test
|
||||||
|
|
||||||
#
|
#
|
||||||
#################################################################################
|
#################################################################################
|
||||||
#
|
#
|
||||||
# Test : FILE-6390
|
# Test : FILE-6390
|
||||||
# Description : Check writeback/journalling mode (ext3)
|
# Description : Check writeback/journalling mode (ext3)
|
||||||
# More info : data=writeback | data=ordered | data=journal
|
# More info : data=writeback | data=ordered | data=journal
|
||||||
|
|
||||||
|
# Want to contribute to Lynis? Create this test
|
||||||
|
|
||||||
#
|
#
|
||||||
#################################################################################
|
#################################################################################
|
||||||
#
|
#
|
||||||
# Test : FILE-6394
|
# Test : FILE-6394
|
||||||
# Description : Check vm.swappiness (Linux)
|
# Description : Check vm.swappiness (Linux)
|
||||||
|
|
||||||
|
# Want to contribute to Lynis? Create this test
|
||||||
|
|
||||||
#
|
#
|
||||||
#################################################################################
|
#################################################################################
|
||||||
#
|
#
|
||||||
# Test : FILE-6398
|
# Test : FILE-6398
|
||||||
# Description : Check if JBD (Journal Block Device) driver is loaded
|
# Description : Check if JBD (Journal Block Device) driver is loaded
|
||||||
|
|
||||||
|
# Want to contribute to Lynis? Create this test
|
||||||
|
|
||||||
#
|
#
|
||||||
#################################################################################
|
#################################################################################
|
||||||
#
|
#
|
||||||
|
|
@ -630,31 +609,38 @@
|
||||||
fi
|
fi
|
||||||
#
|
#
|
||||||
#################################################################################
|
#################################################################################
|
||||||
#
|
|
||||||
# Test : FILE-6412
|
|
||||||
# Description : Checking age of locate database
|
|
||||||
#
|
|
||||||
#################################################################################
|
|
||||||
#
|
#
|
||||||
# Test : FILE-6420
|
# Test : FILE-6420
|
||||||
# Description : Check automount process
|
# Description : Check automount process
|
||||||
|
|
||||||
|
# Want to contribute to Lynis? Create this test
|
||||||
|
|
||||||
#
|
#
|
||||||
#################################################################################
|
#################################################################################
|
||||||
#
|
#
|
||||||
# Test : FILE-6422
|
# Test : FILE-6422
|
||||||
# Description : Check automount maps (files or for example LDAP based)
|
# Description : Check automount maps (files or for example LDAP based)
|
||||||
# Notes : Warn when automounter is running
|
# Notes : Warn when automounter is running
|
||||||
|
|
||||||
|
# Want to contribute to Lynis? Create this test
|
||||||
|
|
||||||
#
|
#
|
||||||
#################################################################################
|
#################################################################################
|
||||||
#
|
#
|
||||||
# Test : FILE-6424
|
# Test : FILE-6424
|
||||||
# Description : Check automount map files
|
# Description : Check automount map files
|
||||||
|
|
||||||
|
# Want to contribute to Lynis? Create this test
|
||||||
|
|
||||||
#
|
#
|
||||||
#################################################################################
|
#################################################################################
|
||||||
#
|
#
|
||||||
# Test : FILE-6425
|
# Test : FILE-6425
|
||||||
# Description : Check mounted files systems via automounter
|
# Description : Check mounted files systems via automounter
|
||||||
# Notes : Warn when no systems are mounted?
|
# Notes : Warn when no systems are mounted?
|
||||||
|
|
||||||
|
# Want to contribute to Lynis? Create this test
|
||||||
|
|
||||||
#
|
#
|
||||||
#################################################################################
|
#################################################################################
|
||||||
#
|
#
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue