tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-26 23:34:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

[PKGS-7381] check pkg audit and report when the vulnerability database is missing

Browse Source
This commit is contained in:
Michael Boelen 2016-10-15 16:12:49 +02:00
parent b9561b515b
commit d88f755f40
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
include/tests_ports_packages
View File

@ -650,19 +650,20 @@
# #
# Test : PKGS-7381 # Test : PKGS-7381
# Description : Check for vulnerable FreeBSD packages (with pkg) # Description : Check for vulnerable FreeBSD packages (with pkg)
# TODO : Update the repository first # Notes : Related vulnerability file is /var/db/pkg/vuln.xml
if [ -x /usr/sbin/pkg -a -f /var/db/pkg/vuln.xml ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="pkg tool not available, or missing vulnerability database"; fi # TODO : Run this in any jail
if [ -x /usr/sbin/pkg -a ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="pkg tool not available"; fi
Register --test-no PKGS-7381 --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Check for vulnerable FreeBSD packages with pkg" Register --test-no PKGS-7381 --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Check for vulnerable FreeBSD packages with pkg"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
COUNT=0 COUNT=0
PACKAGE_AUDIT_TOOL_FOUND=1 PACKAGE_AUDIT_TOOL_FOUND=1
PACKAGE_AUDIT_TOOL="pkg audit" PACKAGE_AUDIT_TOOL="pkg audit"
FIND=$(/usr/sbin/pkg audit -q 2> /dev/null) FIND=$(/usr/sbin/pkg audit >& /dev/null)
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
LogText "Result: pkg audit results are clean" LogText "Result: pkg audit results are clean"
Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_NONE}" --color GREEN Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_NONE}" --color GREEN
AddHP 10 10 AddHP 10 10
else elif [ $? -eq 1 ]; then
if [ ! -z "${FIND}" ]; then if [ ! -z "${FIND}" ]; then
VULNERABLE_PACKAGES_FOUND=1 VULNERABLE_PACKAGES_FOUND=1
Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_FOUND}" --color YELLOW Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_FOUND}" --color YELLOW
@ -676,6 +677,10 @@
else else
LogText "Result: found an exit code greater than zero, yet no output" LogText "Result: found an exit code greater than zero, yet no output"
fi fi
elif [ $? -eq 65 ]; then
ReportWarning "${TEST_NO}" "No vulnerability database available" "pkg audit" "text:Run pkg audit -f"
else
ReportException "${TEST_NO}" "Found an unknown exit code for pkg audit. Please create an issue at ${PROJECT_SOURCE}"
fi fi
fi fi
# #