tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-26 23:34:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix for incorrect subdirectory retrieval and adding enhancement to reduce number of evaluations needed

Browse Source
This commit is contained in:
Michael Boelen 2019-07-08 21:20:45 +02:00
parent 054ca21ee3
commit f3f6be6630
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
1 changed files with 19 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
include/tests_crypto
View File

@ -34,6 +34,7 @@
COUNT_EXPIRED=0 COUNT_EXPIRED=0
COUNT_TOTAL=0 COUNT_TOTAL=0
FOUNDPROBLEM=0 FOUNDPROBLEM=0
SKIP=0
sSSL_PATHS=$(echo ${SSL_CERTIFICATE_PATHS} | ${SEDBINARY} 's/:space:/__space__/g' | ${SEDBINARY} 's/:/ /g') sSSL_PATHS=$(echo ${SSL_CERTIFICATE_PATHS} | ${SEDBINARY} 's/:space:/__space__/g' | ${SEDBINARY} 's/:/ /g')
sSSL_PATHS=$(echo ${sSSL_PATHS} | ${SEDBINARY} 's/^ //' | ${SORTBINARY} | ${UNIQBINARY}) sSSL_PATHS=$(echo ${sSSL_PATHS} | ${SEDBINARY} 's/^ //' | ${SORTBINARY} | ${UNIQBINARY})
LogText "Paths to scan: ${sSSL_PATHS}" LogText "Paths to scan: ${sSSL_PATHS}"
@ -46,20 +47,30 @@
if [ -d ${DIR} ]; then if [ -d ${DIR} ]; then
FileIsReadable ${DIR} FileIsReadable ${DIR}
if [ ${CANREAD} -eq 1 ]; then if [ ${CANREAD} -eq 1 ]; then
LASTSUBDIR=""
LogText "Result: found directory ${DIR}" LogText "Result: found directory ${DIR}"
# Search for certificate files # Search for certificate files
FILES=$(${FINDBINARY} ${DIR} -type f 2> /dev/null | ${EGREPBINARY} ".crt$|.pem$|^cert" | ${SORTBINARY} | ${SEDBINARY} 's/ /__space__/g') FILES=$(${FINDBINARY} ${DIR} -type f 2> /dev/null | ${EGREPBINARY} ".crt$|.pem$|^cert" | ${SORTBINARY} | ${SEDBINARY} 's/ /__space__/g')
for FILE in ${FILES}; do for FILE in ${FILES}; do
SKIP=0
FILE=$(echo ${FILE} | ${SEDBINARY} 's/__space__/ /g') FILE=$(echo ${FILE} | ${SEDBINARY} 's/__space__/ /g')
# See if we need to skip this path # See if we need to skip this path
SUBDIR=$(echo ${FILE} | ${AWKBINARY} -F/ '{print $NF}' | ${SEDBINARY} 's/__space__/ /g') SUBDIR=$(echo ${FILE} | ${AWKBINARY} -F/ 'sub(FS $NF,x)' | ${SEDBINARY} 's/__space__/ /g')
# If we discover a new directory, do evaluation
#Debug "File : ${FILE}"
#Debug "Lastdir: ${LASTSUBDIR}"
#Debug "Curdir : ${SUBDIR}"
if [ ! "${SUBDIR}" = "${LASTSUBDIR}" ]; then
SKIP=0
# Now check if this path is on the to-be-ignored list
for D in ${SSL_CERTIFICATE_PATHS_TO_IGNORE}; do for D in ${SSL_CERTIFICATE_PATHS_TO_IGNORE}; do
if Equals "${D}" "${SUBDIR}"; then if Equals "${D}" "${SUBDIR}"; then
SKIP=1 SKIP=1
LogText "Result: skipping directory (${SUBDIR}) as it is on ignore list"
fi fi
done done
fi
if [ ${SKIP} -eq 0 ]; then if [ ${SKIP} -eq 0 ]; then
#Debug "Testing ${FILE} in path: $SUBDIR"
COUNT_DIR=$((COUNT_DIR + 1)) COUNT_DIR=$((COUNT_DIR + 1))
FileIsReadable "${FILE}" FileIsReadable "${FILE}"
if [ ${CANREAD} -eq 1 ]; then if [ ${CANREAD} -eq 1 ]; then
@ -93,9 +104,8 @@
else else
LogText "Result: can not read file ${FILE} (no permission)" LogText "Result: can not read file ${FILE} (no permission)"
fi fi
else
LogText "Result: path ${SUBDIR} skipped according to profile"
fi fi
LASTSUBDIR="${SUBDIR}"
done done
COUNT_TOTAL=$((COUNT_TOTAL + COUNT_DIR)) COUNT_TOTAL=$((COUNT_TOTAL + COUNT_DIR))
LogText "Result: found ${COUNT_DIR} certificates in ${DIR}" LogText "Result: found ${COUNT_DIR} certificates in ${DIR}"