tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhance AppArmor check 

Count and log unconfined processes which have no AppArmor profile
applied.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
This commit is contained in:
Topi Miettinen 2020-03-21 17:14:55 +02:00
parent 695eef64ad
commit e0e2096a25
No known key found for this signature in database
GPG Key ID: 87E1A51C590B0577
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
include/tests_mac_frameworks
View File

@ -75,6 +75,12 @@
Report "apparmor_enabled=1"
Report "apparmor_policy_loaded=1"
AddHP 3 3
# ignore kernel threads (Parent PID = 2 [kthreadd])
NUNCONFINED=$(${PSBINARY} -N --ppid 2 -o label | ${GREPBINARY} '^unconfined' | ${WCBINARY} --lines)
Display --indent 8 --text "Found ${NUNCONFINED} unconfined processes"
for PROCESS in $(${PSBINARY} -N --ppid 2 -o label:1,pid,comm | ${GREPBINARY} '^unconfined' | ${TRBINARY} ' ' ':'); do
LogText "Result: Unconfined process: ${PROCESS}"
done
elif [ $? -eq 4 ]; then
LogText "Result: Can not determine status, most likely due to lacking permissions"
Display --indent 4 --text "- Checking AppArmor status" --result "${STATUS_UNKNOWN}" --color RED