tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added NAME-4408 to check localhost to IP mapping

This commit is contained in:
Michael Boelen 2016-09-13 17:27:25 +02:00
parent ad678eca74
commit df2fff6cc7
2 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
db/tests.db
View File

@ -240,6 +240,7 @@ NAME-4306:test:security:nameservices::Check NIS domain:
NAME-4402:test:security:nameservices::Check duplicate line in /etc/hosts:
NAME-4404:test:security:nameservices::Check /etc/hosts contains an entry for this server name:
NAME-4406:test:security:nameservices::Check server hostname mapping:
NAME-4408:test:security:nameservices::Check localhost to IP mapping:
NETW-2600:test:security:networking:Linux:Checking IPv6 configuration:
NETW-2704:test:security:networking::Basic nameserver configuration tests:
NETW-2705:test:security:networking::Check availability two nameservers:

26
include/tests_nameservices
View File

@ -656,6 +656,32 @@
fi
#
#################################################################################
#
# Test : NAME-4408
# Description : Check localhost entry
if [ ! -z "${GETENTBINARY}" ]; then PREQS_MET="YES"; SKIPREASON="No getent binary"; else PREQS_MET="NO"; SKIPREASON=""; fi
Register --test-no NAME-4408 --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Check localhost entry"
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Check server hostname not locally mapped in /etc/hosts"
FIND=$(${GETENTBINARY} hosts localhost | ${AWKBINARY} '{print $1}')
if [ "${FIND}" = "127.0.0.1" ]; then
LogText "Result: localhost mapped to 127.0.0.1"
Display --indent 4 --text "- Checking /etc/hosts (localhost to IP)" --result "${STATUS_OK}" --color GREEN
report "localhost-mapped-to=${FIND}"
elif [ "${FIND}" = "::1" ]; then
LogText "Result: localhost mapped to ::1"
Display --indent 4 --text "- Checking /etc/hosts (localhost to IP)" --result "${STATUS_OK}" --color GREEN
report "localhost-mapped-to=${FIND}"
else
LogText "Output: ${FIND}"
LogText "Result: this server hostname is not mapped to a local address"
Display --indent 4 --text "- Checking /etc/hosts (localhost to IP)" --result "${STATUS_SUGGESTION}" --color YELLOW
LogText "Information: Ensure that localhost resolves back to 127.0.0.1 (and/or ::1)."
ReportSuggestion ${TEST_NO} "Split resolving between localhost and the hostname of the system" "/etc/hosts" "text:Check your localhost line"
fi
fi
#
#################################################################################
#
Report "name_cache_used=${NAME_CACHE_USED}"