tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-04-08 17:15:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request from topimiettinen/enhance-tomoyo-check

Browse Source 
Enhance TOMOYO Linux check
This commit is contained in:
Michael Boelen 2020-03-24 13:26:33 +01:00 committed by GitHub
commit dbfadc5446
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 0 deletions

1
include/binaries

@ -278,6 +278,7 @@
tail) TAILBINARY="${BINARY}"; LogText " Found known binary: tail (text filter) - ${BINARY}" ;;
timedatectl) TIMEDATECTL="${BINARY}"; LogText " Found known binary: timedatectl (timedate client) - ${BINARY}" ;;
tomoyo-init) TOMOYOINITBINARY=${BINARY}; LogText " Found known binary: tomoyo-init (tomoyo component) - ${BINARY}" ;;
tomoyo-pstree) TOMOYOPSTREEBINARY=${BINARY}; LogText " Found known binary: tomoyo-pstree (tomoyo process tree) - ${BINARY}" ;;
tr) TRBINARY="${BINARY}"; LogText " Found known binary: tr (text transformation) - ${BINARY}" ;;
tripwire) TRIPWIREBINARY="${BINARY}"; LogText " Found known binary: tripwire (file integrity) - ${BINARY}" ;;
tune2fs) TUNE2FSBINARY="${BINARY}"; LogText " Found known binary: tune2fs (file system tool) - ${BINARY}" ;;

7
include/tests_mac_frameworks

@ -206,6 +206,13 @@
LogText "Result: TOMOYO Linux is enabled"
Display --indent 4 --text "- Checking TOMOYO Linux status" --result "${STATUS_ENABLED}" --color GREEN
Report "tomoyo_enabled=1"
if [ ! -z ${TOMOYOPSTREEBINARY} ]; then
NUNCONFINED=$(${TOMOYOPSTREEBINARY} | ${GREPBINARY} -v '^ 3 ' | ${WCBINARY} --lines)
Display --indent 8 --text "Found ${NUNCONFINED} unconfined (not profile 3) processes"
for PROCESS in $(${TOMOYOPSTREEBINARY} | ${GREPBINARY} -v '^ 3 ' | ${SEDBINARY} -e 's/+-//g' -e 's/^ *//g' -e 's/ \+/:/g' | ${SORTBINARY}); do
LogText "Result: Unconfined process: ${PROCESS}"
done
fi
AddHP 3 3
else
LogText "Result: TOMOYO Linux is disabled"