tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allow skipping of individual tests or atomic tests

This commit is contained in:
mboelen 2016-04-19 12:37:00 +02:00
parent 1af95edd8a
commit e9eae5b8b5
2 changed files with 31 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/consts
View File

@ -157,6 +157,7 @@ unset LANG
SHOW_PROGRAM_DETAILS=1 SHOW_PROGRAM_DETAILS=1
SHOW_REPORT=1 SHOW_REPORT=1
SHOW_SETTINGS_FILE=0 SHOW_SETTINGS_FILE=0
SKIP_TESTS=""
SKIPPED_TESTS_ROOTONLY="" SKIPPED_TESTS_ROOTONLY=""
SSHKEYSCANBINARY="" SSHKEYSCANBINARY=""
SSHKEYSCANFOUND=0 SSHKEYSCANFOUND=0

31
include/functions
View File

@ -67,6 +67,7 @@
# SearchItem Search a string in a file # SearchItem Search a string in a file
# ShowComplianceFinding Display a particular finding regarding compliance or a security standard # ShowComplianceFinding Display a particular finding regarding compliance or a security standard
# ShowSymlinkPath Show a path behind a symlink # ShowSymlinkPath Show a path behind a symlink
# SkipAtomicTest Test if a subtest needs to be skipped
# TestValue Evaluate a value in a string or key # TestValue Evaluate a value in a string or key
# ViewCategories Display tests categories # ViewCategories Display tests categories
# WaitForKeypress Wait for user to press a key to continue # WaitForKeypress Wait for user to press a key to continue
@ -1514,12 +1515,19 @@
#SkipTest "${TEST_NO}:Test:space:requires:space:root:space:permissions:-:-:" #SkipTest "${TEST_NO}:Test:space:requires:space:root:space:permissions:-:-:"
fi fi
# Skip test if it's configured in profile # Skip test if it's configured in profile (old style)
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND=`echo "${TEST_SKIP_ALWAYS}" | grep "${TEST_NO}"` FIND=`echo "${TEST_SKIP_ALWAYS}" | grep "${TEST_NO}"`
if [ ! "${FIND}" = "" ]; then SKIPTEST=1; SKIPREASON="Skipped by configuration"; fi if [ ! "${FIND}" = "" ]; then SKIPTEST=1; SKIPREASON="Skipped by configuration"; fi
fi fi
# Check if this test is on the list to skip
if [ ${SKIPTEST} -eq 0 ]; then
for I in ${SKIP_TESTS}; do
if [ "${I}" = "${TEST_NO}" ]; then SKIPTEST=1; SKIPREASON="Skipped by configuration (skip-test)"; fi
done
fi
# Skip if test is not in the list # Skip if test is not in the list
if [ ${SKIPTEST} -eq 0 -a ! "${TESTS_TO_PERFORM}" = "" ]; then if [ ${SKIPTEST} -eq 0 -a ! "${TESTS_TO_PERFORM}" = "" ]; then
FIND=`echo "${TESTS_TO_PERFORM}" | grep "${TEST_NO}"` FIND=`echo "${TESTS_TO_PERFORM}" | grep "${TEST_NO}"`
@ -2050,6 +2058,27 @@
fi fi
} }
################################################################################
# Name : SkipAtomicTest
# Description : Test if an atomic test should be skipped
# Returns : 0 (True) or 1 (False)
# Usage : if SkipAtomicTest "SSH-7408:permitrootlogin"; then echo "Skip this atomic test"; fi
################################################################################
SkipAtomicTest() {
RETVAL=255
if [ $# -eq 1 ]; then
RETVAL=1
# Check if this test is on the list to skip
for I in ${SKIP_TESTS}; do
if [ "${I}" = "$1" ]; then RETVAL=0; LogText "Atomic test skipped by configuration (skip-test)"; fi
done
fi
return $RETVAL
}
################################################################################ ################################################################################
# Name : TestValue # Name : TestValue
# Description : Test if a value is good/bad (e.g. according to best practices) # Description : Test if a value is good/bad (e.g. according to best practices)