tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Preparations for forensics scan mode

This commit is contained in:
Michael Boelen 2019-08-21 13:41:23 +02:00
parent a714568842
commit ee18e76e97
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
5 changed files with 50 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/consts
View File

@ -114,6 +114,7 @@ unset LANG
FIND="" FIND=""
FIREWALL_ACTIVE=0 FIREWALL_ACTIVE=0
FOUNDPATH=0 FOUNDPATH=0
FORENSICS=0
GETENT_BINARY="" GETENT_BINARY=""
GRADMBINARY="" GRADMBINARY=""
GREPBINARY="grep" GREPBINARY="grep"

2
include/helper_show
View File

@ -30,7 +30,7 @@
COMMANDS="audit configure generate show update upload-only" COMMANDS="audit configure generate show update upload-only"
HELPERS="audit configure show update" HELPERS="audit configure show update"
OPTIONS="--auditor\n--cronjob (--cron)\n--debug\n--developer\n--help (-h)\n--license-key\n--log-file\n--manpage (--man)\n--no-colors\n--no-log\n--pentest\n--profile\n--plugin-dir\n--quick (-Q)\n--quiet (-q)\n--report-file\n--reverse-colors\n--skip-plugins\n--tests\n--tests-from-category\n--tests-from-group\n--usecwd\n--upload\n--verbose\n--version (-V)\n--wait\n--warnings-only" OPTIONS="--auditor\n--cronjob (--cron)\n--debug\n--developer\n--forensics\n--help (-h)\n--log-file\n--manpage (--man)\n--no-colors\n--no-log\n--pentest\n--profile\n--plugin-dir\n--quick (-Q)\n--quiet (-q)\n--report-file\n--reverse-colors\n--skip-plugins\n--tests\n--tests-from-category\n--tests-from-group\n--usecwd\n--upload\n--verbose\n--version (-V)\n--wait\n--warnings-only"
SHOW_ARGS="categories changelog commands dbdir details environment eol groups help hostids includedir language license logfile man options os pidfile plugindir profiles release releasedate report settings tests version workdir" SHOW_ARGS="categories changelog commands dbdir details environment eol groups help hostids includedir language license logfile man options os pidfile plugindir profiles release releasedate report settings tests version workdir"
SHOW_HELP="lynis show ${BROWN}categories${NORMAL} (display test categories) SHOW_HELP="lynis show ${BROWN}categories${NORMAL} (display test categories)

63
include/parameters
View File

@ -247,29 +247,9 @@
DEVELOPER_MODE=1 DEVELOPER_MODE=1
;; ;;
# Display all available options with short alias # Enable forensics mode (gather information from a mounted directory)
--dump-options | --dumpoptions) --forensics)
OPTIONS="--auditor FORENSICS=1
--check-all_(-c) --cronjob_(--cron)
--debug
--help_(-h)
--info
--license-key --log-file
--manpage_(--man)
--no-colors --no-log
--pentest --profile --plugins-dir
--quiet_(-q) --quick_(-Q)
--report-file --reverse-colors
--tests
--upload
--version_(-V)"
for ITEM in ${OPTIONS}; do
echo "${ITEM}" | tr '_' ' '
done
echo "This option is deprecated"
echo "Use: lynis show options"
ExitClean
;; ;;
# View help # View help
@ -277,19 +257,6 @@
VIEWHELP=1 VIEWHELP=1
;; ;;
# View program/database information
--check-update | --check-updates | --info)
echo "This option is deprecated"
echo "Use: lynis update info"
ExitClean
;;
# License key for Lynis Enterprise
--license-key)
shift
LICENSE_KEY=$1
;;
# Adjust default logfile location # Adjust default logfile location
--logfile | --log-file) --logfile | --log-file)
shift shift
@ -455,6 +422,30 @@
exit 1 exit 1
;; ;;
# Soon to be deprecated options
# View program/database information
--check-update | --check-updates | --info)
echo "This option is deprecated"
echo "Use: lynis update info"
ExitFatal
;;
# Display all available options with short alias
--dump-options | --dumpoptions)
echo "This option is deprecated"
echo "Use: lynis show options"
ExitFatal
;;
# License key for Lynis Enterprise
--license-key)
echo "This option is deprecated"
echo "Define a license key in /etc/lynis/custom.prf"
ExitFatal
;;
# Drop out when using wrong option(s) # Drop out when using wrong option(s)
*) *)
# Wrong option used, we bail out later # Wrong option used, we bail out later

14
include/report
View File

@ -215,6 +215,20 @@
echo " - Malware scanner [${MALWARE}${NORMAL}]" echo " - Malware scanner [${MALWARE}${NORMAL}]"
echo "" echo ""
echo " ${SECTION}Scan mode${NORMAL}:"
if [ ${FORENSICS} -eq 1 ]; then
echo " Normal [ ] Forensics [V] Pentest [ ]"
elif [ ${PENTESTINGMODE} -eq 1 ]; then
if [ ${PRIVILEGED} -eq 0 ]; then
echo " Normal [ ] Forensics [ ] Pentest [V] (running non-privileged)"
else
echo " Normal [ ] Forensics [ ] Pentest [V] (running privileged)"
fi
else
echo " Normal [V] Forensics [ ] Pentest [ ]"
fi
echo ""
echo " ${SECTION}Lynis modules${NORMAL}:" echo " ${SECTION}Lynis modules${NORMAL}:"
if [ ${COMPLIANCE_TESTS_PERFORMED} -eq 1 ]; then if [ ${COMPLIANCE_TESTS_PERFORMED} -eq 1 ]; then
if [ ${COMPLIANCE_FINDINGS_FOUND} -eq 0 ]; then COMPLIANCE="${GREEN}V"; else COMPLIANCE="${RED}X"; fi if [ ${COMPLIANCE_FINDINGS_FOUND} -eq 0 ]; then COMPLIANCE="${GREEN}V"; else COMPLIANCE="${RED}X"; fi

11
lynis
View File

@ -429,10 +429,9 @@ ${YELLOW}Note: ${WHITE}Cancelling the program can leave temporary files behind${
${WHITE}Options:${NORMAL} ${WHITE}Options:${NORMAL}
${GRAY}--no-log${NORMAL} : Don't create a log file ${WHITE}Alternative system audit modes${NORMAL}
${GRAY}--pentest${NORMAL} : Non-privileged scan (useful for pentest) ${GRAY}--forensics${NORMAL} : Perform forensics on a running or mounted system
${GRAY}--profile ${BROWN}<profile>${NORMAL} : Scan the system with the given profile file ${GRAY}--pentest${NORMAL} : Non-privileged, show points of interest for pentesting
${GRAY}--quick (-Q)${NORMAL} : Quick mode, don't wait for user input
${WHITE}Layout options${NORMAL} ${WHITE}Layout options${NORMAL}
${GRAY}--no-colors${NORMAL} : Don't use colors in output ${GRAY}--no-colors${NORMAL} : Don't use colors in output
@ -441,9 +440,12 @@ ${YELLOW}Note: ${WHITE}Cancelling the program can leave temporary files behind${
${WHITE}Misc options${NORMAL} ${WHITE}Misc options${NORMAL}
${GRAY}--debug${NORMAL} : Debug logging to screen ${GRAY}--debug${NORMAL} : Debug logging to screen
${GRAY}--no-log${NORMAL} : Don't create a log file
${GRAY}--profile ${BROWN}<profile>${NORMAL} : Scan the system with the given profile file
${GRAY}--view-manpage (--man)${NORMAL} : View man page ${GRAY}--view-manpage (--man)${NORMAL} : View man page
${GRAY}--verbose${NORMAL} : Show more details on screen ${GRAY}--verbose${NORMAL} : Show more details on screen
${GRAY}--version (-V)${NORMAL} : Display version number and quit ${GRAY}--version (-V)${NORMAL} : Display version number and quit
${GRAY}--wait${NORMAL} : Wait between a set of tests
${WHITE}Enterprise options${NORMAL} ${WHITE}Enterprise options${NORMAL}
${GRAY}--plugindir ${BROWN}<path>${NORMAL} : Define path of available plugins ${GRAY}--plugindir ${BROWN}<path>${NORMAL} : Define path of available plugins
@ -451,6 +453,7 @@ ${YELLOW}Note: ${WHITE}Cancelling the program can leave temporary files behind${
More options available. Run '$0 show options', or use the man page. More options available. Run '$0 show options', or use the man page.
" "
if [ ${WRONGOPTION} -eq 1 ]; then if [ ${WRONGOPTION} -eq 1 ]; then