tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-12 00:14:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

Check also /var and assign hardening points

Browse Source
This commit is contained in:
mboelen 2015-04-07 17:19:25 +02:00
parent 7785c5a610
commit e21e8679e0
1 changed files with 6 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
include/tests_filesystems
View File

@ -29,13 +29,12 @@
################################################################################# #################################################################################
# #
# Test : FILE-6310 # Test : FILE-6310
# Description : Checking if /tmp and /home are separated from / # Description : Checking if some mount points are separated from /
# Goal : Users should not be able to fill their home directory or # Goal : Users should not be able to fill their home directory or temporary directory and creating a Denial of Service
# temporary directory and creating a Denial of Service Register --test-no FILE-6310 --weight L --network NO --description "Checking /tmp, /home and /var directory"
Register --test-no FILE-6310 --weight L --network NO --description "Checking /tmp and /home directory"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
Display --indent 2 --text "- Checking mount points" Display --indent 2 --text "- Checking mount points"
SEPARATED_FILESYTEMS="/home /tmp" SEPARATED_FILESYTEMS="/home /tmp /var"
for I in ${SEPARATED_FILESYTEMS}; do for I in ${SEPARATED_FILESYTEMS}; do
logtext "Test: Checking if ${I} is mounted separately or mounted on / file system" logtext "Test: Checking if ${I} is mounted separately or mounted on / file system"
if [ -L ${I} ]; then if [ -L ${I} ]; then
@ -47,10 +46,12 @@
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
logtext "Result: found ${I} as a separated mount point" logtext "Result: found ${I} as a separated mount point"
Display --indent 4 --text "- Checking ${I} mount point" --result OK --color GREEN Display --indent 4 --text "- Checking ${I} mount point" --result OK --color GREEN
AddHP 10 10
else else
logtext "Result: ${I} not found in mount list. Directory most likely stored on / file system" logtext "Result: ${I} not found in mount list. Directory most likely stored on / file system"
Display --indent 4 --text "- Checking ${I} mount point" --result SUGGESTION --color YELLOW Display --indent 4 --text "- Checking ${I} mount point" --result SUGGESTION --color YELLOW
ReportSuggestion ${TEST_NO} "To decrease the impact of a full ${I} file system, place ${I} on a separated partition" ReportSuggestion ${TEST_NO} "To decrease the impact of a full ${I} file system, place ${I} on a separated partition"
AddHP 9 10
fi fi
else else
logtext "Result: directory ${I} does not exist" logtext "Result: directory ${I} does not exist"
@ -59,10 +60,6 @@
fi fi
# #
################################################################################# #################################################################################
#
# YYY Checking Physical Volumes
#
#################################################################################
# #
# Test : FILE-6311 # Test : FILE-6311
# Description : Checking LVM Volume Groups # Description : Checking LVM Volume Groups