tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Rewritten counters and dealing with values

This commit is contained in:
Michael Boelen 2016-05-03 14:57:53 +02:00
parent eda79af419
commit eded02cfde
19 changed files with 74 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
CHANGELOG
View File

@ -81,6 +81,13 @@ Package manager Brew has been added
Show suggestion when weak protocol is used, like SSLv2 or SSLv3. The protocols
are now also parsed and stored as details in the report file.
* Performance
-------------
Several performance improvements have been implemented. This includes rewriting
tests to invoke less commands and enhanced hardware detection at the beginning.
* Plugins
---------
You can set the plugin directory now also via a profile. First match wins.

2
include/binaries
View File

@ -74,7 +74,7 @@
LogText "Directory ${SCANDIR} exists. Starting directory scanning..."
FIND=`ls ${SCANDIR}`
for I in ${FIND}; do
N=`expr ${N} + 1`
N=$((N + 1))
BINARY="${SCANDIR}/${I}"
DISCOVERED_BINARIES="${DISCOVERED_BINARIES}${BINARY} "
# Optimized, much quicker (limited file access needed)

16
include/functions
View File

@ -103,8 +103,8 @@
AddHP() {
HPADD=$1; HPADDMAX=$2
HPPOINTS=`expr ${HPPOINTS} + ${HPADD}`
HPTOTAL=`expr ${HPTOTAL} + ${HPADDMAX}`
HPPOINTS=$((HPPOINTS + HPADD))
HPTOTAL=$((HPTOTAL + HPADDMAX))
if [ ${HPADD} -eq ${HPADDMAX} ]; then
LogText "Hardening: assigned maximum number of hardening points for this item (${HPADDMAX}). Currently having ${HPPOINTS} points (out of ${HPTOTAL})"
else
@ -250,7 +250,7 @@
################################################################################
CountTests() {
CTESTS_PERFORMED=`expr ${CTESTS_PERFORMED} + 1`
CTESTS_PERFORMED=$((CTESTS_PERFORMED + 1))
}
@ -406,7 +406,7 @@
# Display (counting with -m instead of -c, to support language locale)
LINESIZE=`echo "${TEXT}" | wc -m | tr -d ' '`
if [ ${SHOWDEBUG} -eq 1 ]; then DEBUGTEXT=" [${PURPLE}DEBUG${NORMAL}]"; else DEBUGTEXT=""; fi
if [ ${INDENT} -gt 0 ]; then SPACES=`expr 62 - ${INDENT} - ${LINESIZE}`; fi
if [ ${INDENT} -gt 0 ]; then SPACES=$((62 - INDENT - LINESIZE)); fi
if [ ${CRONJOB} -eq 0 ]; then
# Check if we already have already discovered a proper echo command tool. It not, set it default to 'echo'.
if [ "${ECHOCMD}" = "" ]; then ECHOCMD="echo"; fi
@ -1472,7 +1472,7 @@
Display "Can not use RandomString function, as there is no random device to be used"
fi
if [ $# -eq 0 ]; then local SIZE=16; else local SIZE=$1; fi
local CSIZE=`expr ${SIZE} / 2`
local CSIZE=$((SIZE / 2))
RANDOMSTRING=`head -c ${CSIZE} /dev/urandom | od -An -x | tr -d ' ' | cut -c 1-${SIZE}`
}
@ -1489,7 +1489,7 @@
if [ ${SKIPLOGTEST} -eq 0 ]; then LogTextBreak; fi
ROOT_ONLY=0; SKIPTEST=0; SKIPLOGTEST=0; TEST_NEED_OS=""; PREQS_MET=""
TEST_NEED_NETWORK=""; TEST_NEED_PLATFORM=""
TOTAL_TESTS=`expr ${TOTAL_TESTS} + 1`
TOTAL_TESTS=$((TOTAL_TESTS + 1))
while [ $# -ge 1 ]; do
case $1 in
--description)
@ -1758,7 +1758,7 @@
# Log suggestions to report file
ReportSuggestion() {
TOTAL_SUGGESTIONS=`expr ${TOTAL_SUGGESTIONS} + 1`
TOTAL_SUGGESTIONS=$((TOTAL_SUGGESTIONS + 1))
# 4 parameters
# <ID> <Suggestion> <Details> <Solution>
# <ID> Lynis ID (use CUST-.... for your own tests)
@ -1783,7 +1783,7 @@
# Log warning to report file
ReportWarning() {
TOTAL_WARNINGS=`expr ${TOTAL_WARNINGS} + 1`
TOTAL_WARNINGS=$((TOTAL_WARNINGS + 1))
# Old style
# <ID> <priority/impact> <warning text>
if [ "$2" = "L" -o "$2" = "M" -o "$2" = "H" ]; then

4
include/report
View File

@ -33,8 +33,8 @@
#
# If no hardening has been found, set value to 1
if [ ${HPPOINTS} -eq 0 ]; then HPPOINTS=1; HPTOTAL=100; fi
HPINDEX=`expr $HPPOINTS \* 100 / $HPTOTAL`
HPAOBLOCKS=`expr $HPPOINTS \* 20 / $HPTOTAL`
HPINDEX=$((HPPOINTS * 100 / HPTOTAL))
HPAOBLOCKS=$((HPPOINTS * 20 / HPTOTAL))
# Set color related to rating
if [ ${HPINDEX} -lt 50 ]; then
HPCOLOR="${RED}"

6
include/tests_banners
View File

@ -103,7 +103,7 @@
# FIND=`grep -i "${I}" /etc/motd`
# if [ ! "${FIND}" = "" ]; then
# LogText "Result: found string '${I}'"
# N=`expr ${N} + 1`
# N=$((N + 1))
# fi
# done
# # Check if we have 5 or more key words
@ -154,7 +154,7 @@
FIND=`grep -i "${I}" /etc/issue`
if [ ! "${FIND}" = "" ]; then
LogText "Result: found string '${I}'"
N=`expr ${N} + 1`
N=$((N + 1))
fi
done
# Check if we have 5 or more key words
@ -206,7 +206,7 @@
FIND=`grep -i "${I}" /etc/issue.net`
if [ ! "${FIND}" = "" ]; then
LogText "Result: found string '${I}'"
N=`expr ${N} + 1`
N=$((N + 1))
fi
done
# Check if we have 5 or more key words

14
include/tests_boot_services
View File

@ -489,7 +489,7 @@
for I in ${FIND}; do
LogText "Found service (service/rc.conf): ${I}"
Report "boottask[]=${I}"
N=`expr ${N} + 1`
N=$((N + 1))
done
Display --indent 2 --text "- Checking services at startup (service/rc.conf)" --result "DONE" --color GREEN
Display --indent 6 --text "Result: found $N services/options set"
@ -516,7 +516,7 @@
for I in ${FIND}; do
LogText "Found running service: ${I}"
Report "running_service[]=${I}"
N=`expr ${N} + 1`
N=$((N + 1))
done
LogText "Note: Run systemctl --full --type=service to see all services"
Display --indent 2 --text "- Check running services (systemctl)" --result "DONE" --color GREEN
@ -531,7 +531,7 @@
for I in ${FIND}; do
LogText "Found enabled service at boot: ${I}"
Report "boot_service[]=${I}"
N=`expr ${N} + 1`
N=$((N + 1))
done
LogText "Note: Run systemctl list-unit-files --type=service to see all services"
Display --indent 2 --text "- Check enabled services at boot (systemctl)" --result "DONE" --color GREEN
@ -549,7 +549,7 @@
for I in ${FIND}; do
LogText "Found service (at boot, runlevel 3 or 5): ${I}"
Report "boot_service[]=${I}"
N=`expr ${N} + 1`
N=$((N + 1))
done
LogText "Hint: Run chkconfig --list to see all services and disable unneeded services"
Display --indent 2 --text "- Check services at startup (chkconfig)" --result "DONE" --color GREEN
@ -579,7 +579,7 @@
N=0
for I in ${FIND}; do
LogText "Found service (at boot, runlevel 2): ${I}"
N=`expr ${N} + 1`
N=$((N + 1))
done
Display --indent 2 --text "- Check services at startup (rc2.d)" --result "DONE" --color WHITE
Display --indent 4 --text "Result: found $N services"
@ -712,7 +712,7 @@
LogText "Boot time: ${TIME_BOOT}"
LogText "Current time: ${TIME_NOW}"
if [ ! "${TIME_BOOT}" = "" -a ! "${TIME_NOW}" = "" ]; then
UPTIME_IN_SECS=`expr ${TIME_NOW} - ${TIME_BOOT}`
UPTIME_IN_SECS=$((TIME_NOW - TIME_BOOT))
else
ReportException "${TEST_NO}:5" "Most likely kern.boottime empty, unable to determine uptime"
fi
@ -740,7 +740,7 @@
esac
if [ ! "${FIND}" = "" ]; then
UPTIME_IN_SECS="${FIND}"
UPTIME_IN_DAYS=`expr ${UPTIME_IN_SECS} / 60 / 60 / 24`
UPTIME_IN_DAYS=$((UPTIME_IN_SECS / 60 / 60 / 24))
LogText "Uptime (in seconds): ${UPTIME_IN_SECS}"
LogText "Uptime (in days): ${UPTIME_IN_DAYS}"
Report "uptime_in_seconds=${UPTIME_IN_SECS}"

8
include/tests_containers
View File

@ -40,7 +40,7 @@
if [ ! "${FIND}" = "" ]; then
N=0
for I in ${FIND}; do
N=`expr ${N} + 1`
N=$((N + 1))
ZONEID=`echo ${I} | cut -d ':' -f1`
ZONENAME=`echo ${I} | cut -d ':' -f2`
LogText "Result: found zone ${ZONENAME} (running)"
@ -102,7 +102,7 @@
for I in ${FIND}; do
J=`echo ${I} | sed 's/:space:/ /g'`
LogText "Output: ${J}"
COUNT=`expr ${COUNT} + 1`
COUNT=$((COUNT + 1))
done
Display --indent 8 --text "- Docker info output (warnings)" --result "${COUNT}" --color RED
ReportSuggestion "${TEST_NO}" "Run 'docker info' to see warnings applicable to Docker daemon"
@ -154,7 +154,7 @@
# Check if there aren't too many unused containers on the system
if [ ${DOCKER_CONTAINERS_TOTAL} -gt 0 ]; then
DOCKER_CONTAINERS_UNUSED=`expr ${DOCKER_CONTAINERS_TOTAL} - ${DOCKER_CONTAINERS_RUNNING}`
DOCKER_CONTAINERS_UNUSED=$((DOCKER_CONTAINERS_TOTAL - DOCKER_CONTAINERS_RUNNING))
if [ ${DOCKER_CONTAINERS_UNUSED} -gt 10 ]; then
ReportSuggestion "${TEST_NO}" "More than 10 unused containers found on the system. Clean up old containers by using output of 'docker ps -a' command"
Display --indent 8 --text "- Unused containers" --result "${DOCKER_CONTAINERS_UNUSED}" --color RED
@ -183,7 +183,7 @@
if IsWorldWritable ${I}; then
LogText "Result: file is writable by others, which is a security risk (e.g. privilege escalation)"
ReportWarning "${TEST_NO}" "Docker file is world writable" "${I}" "-"
DOCKER_FILE_PERMISSIONS_WARNINGS=`expr ${DOCKER_FILE_PERMISSIONS_WARNINGS} + 1`
DOCKER_FILE_PERMISSIONS_WARNINGS=$((DOCKER_FILE_PERMISSIONS_WARNINGS + 1))
else
LogText "Result: file is not writable by others, which is fine"
fi

2
include/tests_filesystems
View File

@ -308,7 +308,7 @@
for I in ${FIND}; do
FILE=`echo ${I} | sed 's/!space!/ /g'`
LogText "Old temporary file: ${FILE}"
N=`expr ${N} + 1`
N=$((N + 1))
done
LogText "Result: found old files in /tmp, which were not modified in the last ${TMP_OLD_DAYS} days"
LogText "Advice: check and clean up unused files in /tmp. Old files can fill up a disk or contain"

4
include/tests_kernel
View File

@ -215,7 +215,7 @@
for I in ${FIND}; do
LogText "Loaded module: ${I}"
Report "loaded_kernel_module[]=${I}"
N=`expr ${N} + 1`
N=$((N + 1))
done
Display --indent 6 --text "Found ${N} active modules"
else
@ -299,7 +299,7 @@
for I in ${FIND}; do
LogText "Loaded module: ${I}"
Report "loaded_kernel_module[]=${I}"
N=`expr ${N} + 1`
N=$((N + 1))
done
Display --indent 4 --text "Found ${N} kernel modules" --result DONE --color GREEN
else

2
include/tests_kernel_hardening
View File

@ -53,7 +53,7 @@
Display --indent 4 --text "- ${tFINDkey} (exp: ${tFINDexpvalue})" --result DIFFERENT --color RED
AddHP 0 ${tFINDhp}
FOUND=1
N=`expr ${N} + 1`
N=$((N + 1))
ReportDetails --test "${TEST_NO}" --service "sysctl" --field "${tFINDkey}" --value "${tFINDcurvalue}" --preferredvalue "${tFINDexpvalue}" --description "${tFINDdesc}"
fi
else

2
include/tests_nameservices
View File

@ -78,7 +78,7 @@
for I in ${FIND}; do
LogText "Found search domain: ${I}"
Report "resolv_conf_search_domain[]=${I}"
N=`expr ${N} + 1`
N=$((N + 1))
done
# Warn if we have more than 6 search domains, which is maximum in most resolvers
if [ ${N} -gt 6 ]; then

14
include/tests_networking
View File

@ -141,7 +141,7 @@
Display --indent 8 --text "Nameserver: ${I}" --result OK --color GREEN
LogText "Nameserver ${I} seems to respond to queries from this host."
# Count responsive nameservers
NUMBERACTIVENS=`expr ${NUMBERACTIVENS} + 1`
NUMBERACTIVENS=$((NUMBERACTIVENS + 1))
else
Display --indent 8 --text "Nameserver: ${I}" --result "NO RESPONSE" --color RED
LogText "Result: nameserver ${I} does NOT respond"
@ -242,7 +242,7 @@
for I in ${FIND}; do
NETWORK_INTERFACES="${NETWORK_INTERFACES}|${I}"
LogText "Found network interface: ${I}"
N=`expr ${N} + 1`
N=$((N + 1))
Report "network_interface[]=${I}"
done
else
@ -296,7 +296,7 @@
N=0
for I in ${FIND}; do
LogText "Found MAC address: ${I}"
N=`expr ${N} + 1`
N=$((N + 1))
Report "network_mac_address[]=${I}"
done
fi
@ -353,13 +353,13 @@
# IPv4
for I in ${FIND}; do
LogText "Found IPv4 address: ${I}"
N=`expr ${N} + 1`
N=$((N + 1))
Report "network_ipv4_address[]=${I}"
done
# IPv6
for I in ${FIND2}; do
LogText "Found IPv6 address: ${I}"
N=`expr ${N} + 1`
N=$((N + 1))
Report "network_ipv6_address[]=${I}"
done
@ -441,7 +441,7 @@
LogText "Test: Retrieving sockstat information to find listening ports"
if [ ! "${FIND}" = "" ]; then
for I in ${FIND}; do
N=`expr ${N} + 1`
N=$((N + 1))
LogText "Found listening info: ${I}"
Report "network_listen_port[]=${I}"
done
@ -449,7 +449,7 @@
if [ ! "${FIND2}" = "" ]; then
for I in ${FIND2}; do
N=`expr ${N} + 1`
N=$((N + 1))
LogText "Found listening info: ${I}"
Report "network_listen_port[]=${I}"
done

18
include/tests_ports_packages
View File

@ -75,7 +75,7 @@
LogText "Output:"; LogText "-----"
SPACKAGES=`/usr/sbin/pkg_info 2>&1 | sort | tr -s ' ' | cut -d ' ' -f1 | sed -e 's/^\(.*\)-\([0-9].*\)$/\1,\2/g'`
for J in ${SPACKAGES}; do
N=`expr ${N} + 1`
N=$((N + 1))
sPKG_NAME=`echo ${J} | cut -d ',' -f1`
sPKG_VERSION=`echo ${J} | cut -d ',' -f2`
LogText "Installed package: ${sPKG_NAME} (version: ${sPKG_VERSION})"
@ -175,7 +175,7 @@
ReportSuggestion "${TEST_NO}" "Check RPM database as RPM binary available but does not reveal any packages"
else
for J in ${SPACKAGES}; do
N=`expr ${N} + 1`
N=$((N + 1))
PACKAGE_NAME=`echo ${J} | awk -F, '{print $1}'`
PACKAGE_VERSION=`echo ${J} | awk -F, '{print $2}'`
LogText "Found package: ${J}"
@ -207,7 +207,7 @@
LogText "Info: looks like the pacman binary is installed, but not used for package installation"
else
for J in ${SPACKAGES}; do
N=`expr ${N} + 1`
N=$((N + 1))
PACKAGE_NAME=`echo ${J} | awk -F, '{ print $1 }'`
PACKAGE_VERSION=`echo ${J} | awk -F, '{ print $2 }'`
LogText "Found package: ${PACKAGE_NAME} (version: ${PACKAGE_VERSION})"
@ -269,7 +269,7 @@
LogText "Test: checking available repositories"
FIND=`grep "^\[.*\]$" ${PACMANCONF} | tr -d '[]'`
for I in ${FIND}; do
COUNT=`expr ${COUNT} + 1`
COUNT=$((COUNT + 1))
Report "package_repository[]=${I}"
done
LogText "Result: found ${COUNT} repositories"
@ -288,7 +288,7 @@
FIND=`${ZYPPERBINARY} se -i | awk '{ if ($1=="i") { print $3 } }'`
if [ ! "${FIND}" = "" ]; then
for I in ${FIND}; do
N=`expr ${N} + 1`
N=$((N + 1))
LogText "Installed package: ${I}"
INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${J},0,"
done
@ -343,7 +343,7 @@
LogText "Output:"
SPACKAGES=`dpkg -l 2>/dev/null | grep "^ii" | tr -s ' ' | tr ' ' ',' | sort`
for J in ${SPACKAGES}; do
N=`expr ${N} + 1`
N=$((N + 1))
PACKAGE_NAME=`echo ${J} | cut -d ',' -f2`
PACKAGE_VERSION=`echo ${J} | cut -d ',' -f3`
LogText "Found package: ${PACKAGE_NAME} (version: ${PACKAGE_VERSION})"
@ -373,7 +373,7 @@
LogText "Result: found one or more packages with left over configuration files, cron jobs etc"
LogText "Output:"
for J in ${SPACKAGES}; do
N=`expr ${N} + 1`
N=$((N + 1))
LogText "Found unpurged package: ${J}"
done
ReportSuggestion ${TEST_NO} "Purge old/removed packages (${N} found) with aptitude purge or dpkg --purge command. This will cleanup old configuration files, cron jobs and startup scripts."
@ -421,7 +421,7 @@
PACKAGE_AUDIT_TOOL="dnf"
SPACKAGES=`${DNFBINARY} -q list installed 2> /dev/null | awk '{ if ($1!="Installed" && $1!="Last") {print $1","$2 }}'`
for J in ${SPACKAGES}; do
N=`expr ${N} + 1`
N=$((N + 1))
PACKAGE_NAME=`echo ${J} | cut -d ',' -f1`
PACKAGE_VERSION=`echo ${J} | cut -d ',' -f2`
LogText "Found package: ${PACKAGE_NAME} (version: ${PACKAGE_VERSION})"
@ -555,7 +555,7 @@
LogText "Test: Querying portmaster for possible port upgrades"
UPACKAGES=`/usr/local/sbin/portmaster -L | grep "version available" | awk '{ print $5 }'`
for J in ${UPACKAGES}; do
N=`expr ${N} + 1`
N=$((N + 1))
LogText "Upgrade available (new version): ${J}"
Report "upgrade_available[]=${J}"
done

6
include/tests_printers_spools
View File

@ -141,7 +141,7 @@
N=0
for I in ${FIND}; do
LogText "Found network address: ${I}"
N=`expr ${N} + 1`
N=$((N + 1))
FOUND=1
done
if [ ${FOUND} -eq 0 ]; then
@ -169,7 +169,7 @@
FIND=`grep "^Listen" ${CUPSD_CONFIG_FILE} | grep "/" | awk '{ print $2 }'`
for I in ${FIND}; do
LogText "Found socket address: ${I}"
N=`expr ${N} + 1`
N=$((N + 1))
done
if [ ${N} -eq 0 ]; then
@ -275,7 +275,7 @@
for I in ${FIND}; do
FILE=`echo ${I} | sed 's/!space!/ /g'`
LogText "Found old print job: ${FILE}"
N=`expr ${N} + 1`
N=$((N + 1))
done
LogText "Result: Found ${N} old print jobs in /var/spool/lpd/qdir"
Display --indent 4 --text "- Checking old print jobs" --result FOUND --color YELLOW

12
include/tests_shells
View File

@ -79,12 +79,12 @@
CSSHELLS=0; CSSHELLS_ALL=0
Display --indent 2 --text "- Checking shells from /etc/shells"
for I in ${SSHELLS}; do
CSSHELLS_ALL=`expr ${CSSHELLS_ALL} + 1`
CSSHELLS_ALL=$((CSSHELLS_ALL + 1))
Report "available_shell[]=${I}"
# YYY add check for symlinked shells
if [ -f ${I} ]; then
LogText "Found installed shell: ${I}"
CSSHELLS=`expr ${CSSHELLS} + 1`
CSSHELLS=$((CSSHELLS + 1))
else
LogText "Shell ${I} not installed. Probably a dummy or non existing shell."
fi
@ -125,7 +125,7 @@
for I in ${FIND}; do
LogText "Output: ${I}"
Report "session_timeout_value[]=${I}"
N=`expr ${N} + 1`
N=$((N + 1))
done
if [ ${N} -eq 1 ]; then
LogText "Result: found TMOUT value configured in /etc/profile"
@ -142,7 +142,7 @@
for I in ${FIND2}; do
LogText "Output: ${I}"
if [ "${I}" = "readonly" -o "${I}" = "typeset" ]; then
N=`expr ${N} + 1`
N=$((N + 1))
fi
done
if [ ${N} -gt 0 ]; then
@ -172,7 +172,7 @@
for I in ${FIND}; do
LogText "Output: ${I}"
Report "session_timeout_value[]=${I}"
N=`expr ${N} + 1`
N=$((N + 1))
done
if [ ${N} -eq 1 ]; then
LogText "Result: found TMOUT value configured in one of the files in /etc/profile.d directory"
@ -189,7 +189,7 @@
for I in ${FIND2}; do
LogText "Output: ${I}"
if [ "${I}" = "readonly" -o "${I}" = "typeset" ]; then
N=`expr ${N} + 1`
N=$((N + 1))
fi
done
if [ ${N} -gt 0 ]; then

2
include/tests_squid
View File

@ -209,7 +209,7 @@
Display --indent 6 --text "- Checking Access Control Lists" --result "NONE" --color RED
else
for I in ${FIND}; do
N=`expr ${N} + 1`
N=$((N + 1))
I=`echo ${I} | sed 's/!space!/ /g'`
LogText "Found ACL: ${I}"
#Report "squid_acl=${I}"

2
include/tests_time
View File

@ -246,7 +246,7 @@
LogText "Found stratum 16 peer: ${I}"
FIND2=`egrep "^ntp:ignore_stratum_16_peer:${I}:" ${PROFILE}`
if [ "${FIND2}" = "" ]; then
N=`expr ${N} + 1`
N=$((N + 1))
else
LogText "Output: host ${I} ignored by profile"
fi

12
include/tests_webservers
View File

@ -150,14 +150,14 @@
for J in `grep "ServerName" ${I} | grep -v "^#" | awk '{ if ($1=="ServerName" && $2!="*" && $2!="default") print $2 }'`; do
if [ ! -z ${J} ]; then
tVHOSTS="${tVHOSTS} ${J}"
cVHOSTS=`expr ${cVHOSTS} + 1`
cVHOSTS=$((cVHOSTS + 1))
fi
done
# Search Server aliases
for J in `grep "ServerAlias" ${I} | grep -v "^#" | sed "s/.* ServerAlias//g" | sed "s/#.*//g"`; do
if [ ! -z ${J} ]; then
tVHOSTS="${tVHOSTS} ${J}"
cVHOSTS=`expr ${cVHOSTS} + 1`
cVHOSTS=$((cVHOSTS + 1))
fi
done
else
@ -275,7 +275,7 @@
for J in ${FIND}; do
Report "apache_module[]=${J}"
LogText "Result: found Apache module ${J}"
N=`expr ${N} + 1`
N=$((N + 1))
done
fi
done
@ -431,7 +431,7 @@
for J in ${FIND2}; do
# Ensure that we are parsing normal files
if [ -f ${J} ]; then
N=`expr ${N} + 1`
N=$((N + 1))
LogText "Result: found Nginx configuration file ${J}"
Report "nginx_sub_conf_file=${J}"
FileIsReadable ${J}
@ -621,7 +621,7 @@
# FIND=`grep "proxy_pass" ${NGINX_CONF_LOCATION} | grep -v "#" | sed 's/proxy_pass//g' | tr -d ';'`
# for I in ${FIND}; do
# LogText "Found reverse proxy configuration for: ${I}"
# N=`expr ${N} + 1`
# N=$((N + 1))
# done
# if [ ${N} -eq 0 ]; then
# LogText "Result: no reverse proxying functionality found"
@ -647,7 +647,7 @@
# if [ "${I}" = "_" ]; then I="Default virtual host"; fi
# LogText "Found virtual host: ${I}"
# Report "nginx_vhost_name[]=${I}"
# N=`expr ${N} + 1`
# N=$((N + 1))
# done
# if [ ${N} -eq 0 ]; then
# LogText "Result: no virtual hosts found"

8
lynis
View File

@ -620,7 +620,7 @@ ${NORMAL}
LogText "Latest stable version : ${PROGRAM_LV}"
if [ ${PROGRAM_LV} -gt ${PROGRAM_AC} ]; then
# Check if current version is REALLY outdated (10 versions ago)
PROGRAM_MINVERSION=`expr ${PROGRAM_LV} - 10`
PROGRAM_MINVERSION=$((${PROGRAM_LV} - 10))
LogText "Minimum required version : ${PROGRAM_MINVERSION}"
if [ ${PROGRAM_MINVERSION} -gt ${PROGRAM_AC} ]; then
Display --indent 2 --text "- Program update status... " --result "WARNING" --color RED
@ -652,7 +652,7 @@ ${NORMAL}
NOW=`date +%s`
OLD_RELEASE=0
TIME_DIFFERENCE_CHECK=10368000 # 4 months
RELEASE_PLUS_TIMEDIFF=`expr ${PROGRAM_RELEASE_TIMESTAMP} + ${TIME_DIFFERENCE_CHECK}`
RELEASE_PLUS_TIMEDIFF=$((${PROGRAM_RELEASE_TIMESTAMP} + ${TIME_DIFFERENCE_CHECK}))
if [ ${NOW} -gt ${RELEASE_PLUS_TIMEDIFF} ]; then
# Show if release is old, only if we didn't show it with normal update check
if [ ${UPDATE_AVAILABLE} -eq 0 ]; then
@ -757,7 +757,7 @@ ${NORMAL}
if [ -f ${PLUGIN_FILE} ]; then
FIND2=`grep "^# PLUGIN_NAME=" ${PLUGIN_FILE} | awk -F= '{ print $2 }'`
if [ ! "${FIND2}" = "" -a ! "${FIND2}" = "[plugin_name]" ]; then
if [ ${PLUGIN_PHASE} -eq 1 ]; then N_PLUGIN=`expr ${N_PLUGIN} + 1`; fi
if [ ${PLUGIN_PHASE} -eq 1 ]; then N_PLUGIN=$((${N_PLUGIN} + 1)); fi
# Check if the plugin is enabled in any of the profiles
PLUGIN_ENABLED_STATE=0
for PROFILE in ${PROFILES}; do
@ -779,7 +779,7 @@ ${NORMAL}
if [ "${FIND4}" = "rw-r--r--" -o "${FIND4}" = "rw-r-----" -o "${FIND4}" = "rw-------" -o "${FIND4}" = "r--------" ]; then
LogText "Including plugin file: ${PLUGINFILE} (version: ${PLUGIN_VERSION})"
Report "plugin_enabled_phase${PLUGIN_PHASE}[]=${FIND2}|${PLUGIN_VERSION}|"
if [ ${PLUGIN_PHASE} -eq 1 ]; then N_PLUGIN_ENABLED=`expr ${N_PLUGIN_ENABLED} + 1`; fi
if [ ${PLUGIN_PHASE} -eq 1 ]; then N_PLUGIN_ENABLED=$((${N_PLUGIN_ENABLED} + 1)); fi
Display --indent 2 --text "- ${CYAN}Plugin${NORMAL}: ${WHITE}${FIND2}${NORMAL}"
if [ ${PLUGIN_PHASE} -eq 1 ]; then Progress " ["; fi
. ${PLUGINFILE}