tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-27 15:54:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

Enhance TOMOYO Linux check

Browse Source 
Count and log unconfined processes, which are not using policy
profile 3.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
This commit is contained in:
Topi Miettinen 2020-03-23 18:41:58 +02:00
parent 7bba7bd4af
commit e09fe98b89
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/binaries
View File

@ -277,6 +277,7 @@
tail) TAILBINARY="${BINARY}"; LogText " Found known binary: tail (text filter) - ${BINARY}" ;; tail) TAILBINARY="${BINARY}"; LogText " Found known binary: tail (text filter) - ${BINARY}" ;;
timedatectl) TIMEDATECTL="${BINARY}"; LogText " Found known binary: timedatectl (timedate client) - ${BINARY}" ;; timedatectl) TIMEDATECTL="${BINARY}"; LogText " Found known binary: timedatectl (timedate client) - ${BINARY}" ;;
tomoyo-init) TOMOYOINITBINARY=${BINARY}; LogText " Found known binary: tomoyo-init (tomoyo component) - ${BINARY}" ;; tomoyo-init) TOMOYOINITBINARY=${BINARY}; LogText " Found known binary: tomoyo-init (tomoyo component) - ${BINARY}" ;;
tomoyo-pstree) TOMOYOPSTREEBINARY=${BINARY}; LogText " Found known binary: tomoyo-pstree (tomoyo process tree) - ${BINARY}" ;;
tr) TRBINARY="${BINARY}"; LogText " Found known binary: tr (text transformation) - ${BINARY}" ;; tr) TRBINARY="${BINARY}"; LogText " Found known binary: tr (text transformation) - ${BINARY}" ;;
tripwire) TRIPWIREBINARY="${BINARY}"; LogText " Found known binary: tripwire (file integrity) - ${BINARY}" ;; tripwire) TRIPWIREBINARY="${BINARY}"; LogText " Found known binary: tripwire (file integrity) - ${BINARY}" ;;
tune2fs) TUNE2FSBINARY="${BINARY}"; LogText " Found known binary: tune2fs (file system tool) - ${BINARY}" ;; tune2fs) TUNE2FSBINARY="${BINARY}"; LogText " Found known binary: tune2fs (file system tool) - ${BINARY}" ;;

7
include/tests_mac_frameworks
View File

@ -206,6 +206,13 @@
LogText "Result: TOMOYO Linux is enabled" LogText "Result: TOMOYO Linux is enabled"
Display --indent 4 --text "- Checking TOMOYO Linux status" --result "${STATUS_ENABLED}" --color GREEN Display --indent 4 --text "- Checking TOMOYO Linux status" --result "${STATUS_ENABLED}" --color GREEN
Report "tomoyo_enabled=1" Report "tomoyo_enabled=1"
if [ ! -z ${TOMOYOPSTREEBINARY} ]; then
NUNCONFINED=$(${TOMOYOPSTREEBINARY} | ${GREPBINARY} -v '^ 3 ' | ${WCBINARY} --lines)
Display --indent 8 --text "Found ${NUNCONFINED} unconfined (not profile 3) processes"
for PROCESS in $(${TOMOYOPSTREEBINARY} | ${GREPBINARY} -v '^ 3 ' | ${SEDBINARY} -e 's/+-//g' -e 's/^ *//g' -e 's/ \+/:/g' | ${SORTBINARY}); do
LogText "Result: Unconfined process: ${PROCESS}"
done
fi
AddHP 3 3 AddHP 3 3
else else
LogText "Result: TOMOYO Linux is disabled" LogText "Result: TOMOYO Linux is disabled"