mboelen 2015-09-07 21:07:57 +02:00
commit f551da1c99
27 changed files with 67 additions and 62 deletions

View File

@ -981,7 +981,7 @@
- Added Squid test: reply_body_max_size option [SQD-3630]
- Added /etc/init.d/rc and /etc/init.d/rcS to umask test [AUTH-9328]
- Check PHP option allow_url_include [PHP-2378]
Changes:
- Extended possible Squid configuration file locations
- Added additional sysctl keys to default profile
@ -1158,7 +1158,7 @@
- nginx configuration file check [HTTP-6704]
- Exim status check [MAIL-8802]
- Postfix status check [MAIL-8814]
Changes:
- atd needs to run before testing at files [SCHD-7720]
- Removed Solaris OS requirement from logrotate test [LOGG-2148]
@ -1168,7 +1168,7 @@
- Binary scan optimized and partially combined with other check
- Only perform iptables tests if kernel module is active
- Don't show message when /etc/shells can't be found [SHLL-6211]
- Check /var/spool/cron/crontabs first, if it exists [SCHD-7704]
- Check /var/spool/cron/crontabs first, if it exists [SCHD-7704]
- Renumbered FreeBSD test SHLL-7225 [SHLL-6202]
- Renumbered malware test MALW-3292 [HRDN-7230]
- Improved grep on process status [PRNT-2304]
@ -1358,10 +1358,10 @@
New:
- New test: Passwordless Solaris accounts test [AUTH-9254]
- New test: AFICK file integrity [FINT-4310]
- New test: AIDE file integrity [FINT-4314]
- New test: Osiris file integrity [FINT-4318]
- New test: Samhain file integrity [FINT-4322]
- New test: Tripwire file integrity [FINT-4326]
- New test: AIDE file integrity [FINT-4314]
- New test: Osiris file integrity [FINT-4318]
- New test: Samhain file integrity [FINT-4322]
- New test: Tripwire file integrity [FINT-4326]
- New tests: NIS and NIS+ authentication test [AUTH-9240/42]
- Initial support added for AFICK, AIDE, Osiris, Samhain, Tripwire
@ -1387,12 +1387,12 @@
- New test: Promiscuous network interfaces (Linux) [NETW-3015]
- Report option 'bootloader' added to several tests
- Added readlink binary check
Changes:
- Extended file check (IsWorldWritable) for symlinks
- Show result if no default gateway is found [NETW-3001]
- Added /usr/local/etc to sudoers test [AUTH-9250]
- Improved FreeBSD banner output [BANN-7113]
- Improved FreeBSD banner output [BANN-7113]
- Removed incorrect line at promiscuous interface test [NETW-3014]
- Fix: Show only once the GRUB test output [BOOT-5121]
- Fix: Typo in NTP test [TIME-3104]
@ -1440,7 +1440,7 @@
- New test: checking for heavy IO waiting processes [PROC-3614]
- Initial HP-UX support (untested)
- Initial AIX support (untested)
- Added iptables binary check
- Added iptables binary check
- Added dig check, for DNS related tests
- Added option --no-colors to remove all colors from screen output
- Added option --reverse-colors for optimizing output at light backgrounds
@ -1460,7 +1460,7 @@
- Several tests have their warning reporting improved
- Improved SuSE Linux detection
- Improved syslog-ng detection
- Adjusted README with link to online (extended) documentation
- Adjusted README with link to online (extended) documentation
--
@ -1470,7 +1470,7 @@
- New test: Check writable startup scripts [BOOT-5184]
- New test: Syslog-NG consistency check [LOGG-2134]
- New test: Check yum-utils package and scanning package database [PKGS-7384]
- New test: Test for empty ruleset when iptables is loaded [FIRE-4512]
- New test: Test for empty ruleset when iptables is loaded [FIRE-4512]
- New test: Check for expired SSL certificates [CRYP-7902]
- New test: Check for LDAP authentication support [AUTH-9238]
- New test: Read available crontab/cron files [SCHD-7704]
@ -1509,7 +1509,7 @@
* 1.1.5 (2008-06-10)
New:
- Assigned ID to Apache configuration file test [HTTP-6624]
- Assigned ID to Apache configuration file test [HTTP-6624]
- Added pause_between_tests to profile file, to regulate the speed of a scan
- Assigned ID to dpkg test and solved issue with colon in package names [PKG-7345]
- Assigned ID to Solaris package test [PKG-7306]
@ -1792,12 +1792,12 @@
--
* 1.0.3 (2007-11-19)
New:
- Added check for sockstat
- Test: added test for GRUB and password option
- Test: query listening ports (sockstat)
Changes:
- Fixed NTPd check (bug)
- Extended help for 'double installed package' check (BSD systems, pkg_info)
@ -1849,7 +1849,7 @@
Changes:
- [bug] Changed skel directory check
- Fixed display Apache configuration file
--
* 1.0.0 (2007-11-08)

View File

@ -36,4 +36,4 @@ To ensure all pull requests can be easily checked and merged, here are some tips
* Your code should work on other platforms running the bourne shell (/bin/sh), not just BASH.
* Properly document your code where needed. Besides the 'what', focus on explaining the 'why'.
* Check the log information (lynis.log) of your new test or changed code, so that it provides helpful details for others.
* Most variables should be capitalized, with underscore as word separator (e.g. PROCESS_EXISTS=1)
* Most variables should be capitalized, with underscore as word separator (e.g. PROCESS_EXISTS=1)

2
FAQ
View File

@ -58,7 +58,7 @@
have a dark background, so it gives extra attention to the message. However
if you have a white background (for example Mac OS X), you can run Lynis
with --no-colors to strip colors or --reverse-colors to reverse the color
scheme. Another option is to change your terminal colors within Mac OS.
scheme. Another option is to change your terminal colors within Mac OS.
Q: Some tests take very long to finish, what to do?
A: Use a second console (or connection) and check the output of ps/lsof etc,

View File

@ -9,7 +9,7 @@
# 5) file group owner
# 6) operating system, or systems
# 7) operating system special
# 8)
# 8)
#
#==================================================
file:/etc/group:644:root:root:Linux:

View File

@ -1,2 +1,2 @@
#version=20091015
100:Did you know? Lynis has a --cronjob option for optimized output while running on scheduled times.:
100:Did you know? Lynis has a --cronjob option for optimized output while running on scheduled times.:

View File

@ -1,4 +1,4 @@
#version=2009101500
vuln.txt:::
crack*:::
exploit*:::
exploit*:::

View File

@ -41,4 +41,4 @@
/tmp/.b:::Slapper:::
/usr/man/.sman/sk:::Superkit:::
/usr/lib/.tbd:::TBD:::
/sbin/.login:::Login backdoor:::
/sbin/.login:::Login backdoor:::

View File

@ -1,2 +1,2 @@
#version=2008052800
php:5.2.5
php:5.2.5

View File

@ -1,20 +1,20 @@
lynis for Debian
----------------
When execute Lynis from Debian menu, the program runs with the following
When execute Lynis from Debian menu, the program runs with the following
parameter:
lynis --no-colors
It makes a full system check, with the default profile file
It makes a full system check, with the default profile file
(/etc/lynis/default.prf). Please adjust this config file with your needs.
For better perform, launch Lynis from a terminal, as root user, with your best
configuration.
Lynis can be executed directly:
# lynis -c
or
# lynis -c
or
# lynis
After Lynis runs the system check, it creates the following two files with the

4
debian/rules vendored
View File

@ -12,13 +12,13 @@ clean:
dh_testdir
dh_testroot
rm -f build-stamp
dh_clean
dh_clean
install: build
dh_testdir
dh_testroot
dh_prep
dh_prep
# Add here commands to install the package into debian/lynis.
install -D -m 0755 $(CURDIR)/lynis $(CURDIR)/debian/lynis/usr/sbin/lynis

View File

@ -122,7 +122,7 @@ sysctl:kernel.use-nx:0:1:XXX:
[network]
sysctl:net.inet.icmp.bmcastecho:0:1:Ignore ICMP packets directed to broadcast address:
sysctl:net.inet.icmp.rediraccept:0:1:Disable incoming ICMP redirect routing redirects:
sysctl:net.inet.ip.accept_sourceroute:0:1:Disable IP source routing:
sysctl:net.inet.ip.accept_sourceroute:0:1:Disable IP source routing:
sysctl:net.inet.ip.redirect:0:1:Disable/Ignore ICMP routing redirects:
sysctl:net.inet.ip.sourceroute:0:1:Disable IP source routing:
sysctl:net.inet.ip6.redirect:0:1:Disable/Ignore ICMP routing redirects:
@ -149,9 +149,9 @@ sysctl:net.ipv4.tcp_syncookies:1:1:Use SYN cookies to prevent SYN attack:
sysctl:net.ipv4.tcp_timestamps:0:1:Do not use TCP time stamps:
sysctl:net.ipv6.conf.all.send_redirects:0:1:Disable/ignore ICMP routing redirects:
sysctl:net.ipv6.conf.all.accept_redirects:0:1:Disable/Ignore ICMP routing redirects:
sysctl:net.ipv6.conf.all.accept_source_route:0:1:Disable IP source routing:
sysctl:net.ipv6.conf.all.accept_source_route:0:1:Disable IP source routing:
sysctl:net.ipv6.conf.default.accept_redirects:0:1:Disable/Ignore ICMP routing redirects:
sysctl:net.ipv6.conf.default.accept_source_route:0:1:Disable IP source routing:
sysctl:net.ipv6.conf.default.accept_source_route:0:1:Disable IP source routing:
[security]
#sysctl:kern.securelevel:1^2^3:1:FreeBSD security level:

View File

@ -6,4 +6,4 @@
- Integrity checks and tools
- Development tools
================================================================================
================================================================================

View File

@ -364,7 +364,7 @@ Exit
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
echo -n "- Cleaning up OpenBSD package build... "
echo -n "- Cleaning up OpenBSD package build... "
if [ -f openbsd/+CONTENTS ]; then rm openbsd/+CONTENTS; fi
echo "DONE"
OPENBSD_CONTENTS="openbsd/+CONTENTS"
@ -377,7 +377,7 @@ Exit
for I in ${PACKAGE_LIST_FILES}; do
echo -n "${I} "
#FULLNAME=`cat files.dat | grep ":file:include:
#FULLNAME=`cat files.dat | grep ":file:include:
#echo "${FULLNAME}" >> ${OPENBSD_CONTENTS}
echo "${I}" >> ${OPENBSD_CONTENTS}
FILE="../${I}"

View File

@ -89,10 +89,10 @@
# If 'file' is an directory, use -d
if [ -d ${CHECKFILE} ]; then
FILEVALUE=`ls -d -l ${CHECKFILE} | cut -c 2-10`
PROFILEVALUE=`cat ${PROFILE} | grep '^permdir' | grep ":${CHECKFILE}:" | cut -d: -f3`
PROFILEVALUE=`cat ${PROFILE} | grep '^permdir' | grep ":${CHECKFILE}:" | cut -d: -f3`
else
FILEVALUE=`ls -l ${CHECKFILE} | cut -c 2-10`
PROFILEVALUE=`cat ${PROFILE} | grep '^permfile' | grep ":${CHECKFILE}:" | cut -d: -f3`
PROFILEVALUE=`cat ${PROFILE} | grep '^permfile' | grep ":${CHECKFILE}:" | cut -d: -f3`
fi
if [ "${FILEVALUE}" = "${PROFILEVALUE}" ]; then PERMS="OK"; else PERMS="BAD"; fi
fi
@ -1060,7 +1060,7 @@
if [ ! "${FIND}" = "" ]; then SKIPTEST=1; SKIPREASON="Skipped by configuration"; fi
fi
# Skip if test is not in the list
# Skip if test is not in the list
if [ ${SKIPTEST} -eq 0 -a ! "${TESTS_TO_PERFORM}" = "" ]; then
FIND=`echo "${TESTS_TO_PERFORM}" | grep "${TEST_NO}"`
if [ "${FIND}" = "" ]; then SKIPTEST=1; SKIPREASON="Test not in list of tests to perform"; fi
@ -1146,7 +1146,7 @@
{
if [ $1 = "" ]; then TESTID="UNKNOWN"; fi
# Status: OK, WARNING, NEUTRAL, SUGGESTION
# Impact: HIGH, SEVERE, LOW,
# Impact: HIGH, SEVERE, LOW,
#report "result[]=TESTID-${TESTID},STATUS-$2,IMPACT-$3,MESSAGE-$4-"
# Reset ID before next test
TESTID=""
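Review bot: The guard on the first line after the opening brace, `if [ $1 = "" ]`, leaves `$1` unquoted, so when the argument is empty or missing the test expands to `[ = "" ]` and fails with an error instead of setting `TESTID="UNKNOWN"`. While this block is being touched, quote it as `[ "$1" = "" ]`. The `# Impact: HIGH, SEVERE, LOW,` comment also ends in a dangling comma, which reads as an unfinished list.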

View File

@ -29,7 +29,7 @@
if [ ${SKIPTEST} -eq 0 ]; then
FOUNDPROBLEM=0
# Check profile for paths to check
sSSL_PATHS=`grep "^ssl:certificates:" ${PROFILE} | cut -d ':' -f3`
sSSL_PATHS=`grep "^ssl:certificates:" ${PROFILE} | cut -d ':' -f3`
for I in ${sSSL_PATHS}; do
if [ -d ${I} ]; then
FileIsReadable ${I}

View File

@ -79,7 +79,7 @@
Display --indent 4 --text "- Checking empty MySQL root password" --result WARNING --color RED
AddHP 0 5
else
logtext "Result: Login did not succeed, so a MySQL root password is set"
logtext "Result: Login did not succeed, so a MySQL root password is set"
Display --indent 4 --text "- Checking MySQL root password" --result OK --color GREEN
AddHP 2 2
fi

View File

@ -94,7 +94,7 @@
Register --test-no FINT-4316 --preqs-met ${PREQS_MET} --weight L --network NO --description "AIDE configuration: Checksums (SHA256 or SHA512)"
if [ ${SKIPTEST} -eq 0 ]; then
FIND=`${GREPBINARY} "^Checksums" ${AIDECONFIG}`
FIND2=`${GREPBINARY} "^Checksums" ${AIDECONFIG} | ${EGREPBINARY} "sha256|sha512"`
FIND2=`${GREPBINARY} "^Checksums" ${AIDECONFIG} | ${EGREPBINARY} "sha256|sha512"`
if [ "${FIND}" = "" ]; then
logtext "Result: Unclear how AIDE is dealing with checksums"
Display --indent 6 --text "- AIDE config (Checksums)" --result UNKNOWN --color YELLOW

View File

@ -322,7 +322,7 @@
#SKELDIRS="/etc/skel /usr/share/skel"
#for I in ${SKELDIRS}; do
#
#
# logtext "Searching skel directory ${I}"
#
# if [ -d ${I} ]; then

View File

@ -49,7 +49,7 @@
logtext "Result: Found match on runlevel5/graphical"
Display --indent 2 --text "- Checking default runlevel" --result "runlevel 5" --color GREEN
report "linux_default_runlevel=5"
else
else
logtext "Result: No match found on runlevel, defaulting to runlevel 3"
Display --indent 2 --text "- Checking default runlevel" --result "runlevel 3" --color GREEN
report "linux_default_runlevel=3"
@ -378,7 +378,7 @@
if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: Checking presence /etc/security/limits.conf"
if [ -f /etc/security/limits.conf ]; then
logtext "Result: file /etc/security/limits.conf exists"
logtext "Result: file /etc/security/limits.conf exists"
logtext "Test: Checking if core dumps are disabled in /etc/security/limits.conf"
FIND1=`cat /etc/security/limits.conf | grep -v "^#" | grep -v "^$" | awk '{ if ($1=="*" && $2=="soft" && $3=="core" && $4=="1") { print "soft core enabled" } }'`
FIND2=`cat /etc/security/limits.conf | grep -v "^#" | grep -v "^$" | awk '{ if ($1=="*" && $2=="hard" && $3=="core" && $4=="1") { print "hard core enabled" } }'`
@ -440,7 +440,7 @@
FILE="/var/run/reboot-required.pkgs"
logtext "Test: Checking presence ${FILE}"
if [ -f ${FILE} ]; then
logtext "Result: file ${FILE} exists"
logtext "Result: file ${FILE} exists"
FIND=`cat ${FILE}`
if [ "${FIND}" = "" ]; then
logtext "Result: No reboot needed (file empty)"

View File

@ -71,7 +71,7 @@
elif [ ${FIND} -eq 1 ]; then
logtext "Result: AppArmor is disabled"
Display --indent 4 --text "- Checking AppArmor status" --result "DISABLED" --color YELLOW
else
else
Display --indent 4 --text "- Checking AppArmor status" --result "UNKNOWN" --color RED
ReportException "${TEST_NO}:1" "Invalid or unknown AppArmor status detected"
fi
@ -119,7 +119,7 @@
Display --indent 6 --text "- Checking current mode and config file" --result "OK" --color GREEN
else
logtext "Result: Current SELinux mode (${FIND}) is NOT the same as in config file (${FIND2})."
ReportWarning ${TEST_NO} "M" "Current SELinux mode is different from config file (current: ${FIND}, config file: ${FIND2})"
ReportWarning ${TEST_NO} "M" "Current SELinux mode is different from config file (current: ${FIND}, config file: ${FIND2})"
Display --indent 6 --text "- Checking current mode and config file" --result "WARNING" --color RED
fi
Display --indent 8 --text "Current SELinux mode: ${FIND}"

View File

@ -47,7 +47,7 @@
#################################################################################
#
# Test : MALW-3276
# Description : Check for installed tool (Rootkit Hunter)
# Description : Check for installed tool (Rootkit Hunter)
Register --test-no MALW-3276 --weight L --network NO --description "Check for Rootkit Hunter"
if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: checking presence Rootkit Hunter"

View File

@ -64,7 +64,7 @@
#
# Test : PROC-3612
# Description : Searching for dead and zombie processes
# Notes : Don't perform test on Solaris
# Notes : Don't perform test on Solaris
if [ ! "${OS}" = "Solaris" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PROC-3612 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check dead or zombie processes"
if [ ${SKIPTEST} -eq 0 ]; then

View File

@ -94,7 +94,7 @@
# Check amount of search domains (max 1)
FIND=`cat /etc/resolv.conf | grep "^search" | wc -l | tr -s ' ' | tr -d ' '`
if [ ! "${FIND}" = "0" -a ! "${FIND}" = "1" ]; then
logtext "Result: found ${FIND} line(s) with a search statement (expecting less than 2 lines)"
logtext "Result: found ${FIND} line(s) with a search statement (expecting less than 2 lines)"
Display --indent 4 --text "- Checking search domains lines" --result "CONFIG ERROR" --color YELLOW
ReportWarning ${TEST_NO} "L" "Found more than 1 search lines in /etc/resolv.conf, which is probably a misconfiguration"
else
@ -566,7 +566,7 @@
fi
fi
# Check if we found any NIS domain
if [ ! "${NISDOMAIN}" = "" ]; then
if [ ! "${NISDOMAIN}" = "" ]; then
logtext "Found NIS domain: ${NISDOMAIN}"
report "nisdomain=${NISDOMAIN}"
Display --indent 4 --text "- Checking NIS domain" --result "FOUND" --color GREEN

View File

@ -860,7 +860,7 @@
SCAN_PERFORMED=0
# Update portage.
# Multiple ways to do this. Some require extra packages to be installed,
# others require potential firewall ports to be open, outbound. This is the
# others require potential firewall ports to be open, outbound. This is the
# "most friendly" way.
logtext "Action: updating portage with emerge-webrsync"
/usr/bin/emerge-webrsync --quiet 2> /dev/null

View File

@ -59,7 +59,7 @@
#
# Test : STRG-1906
# Description : Check nfs protocols (TCP/UDP) and port in rpcinfo
if [ ! "${RPCINFOBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
if [ ! "${RPCINFOBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no STRG-1906 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check nfs rpc"
if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: Checking NFS registered protocols"
@ -114,7 +114,7 @@
# Description : Check NFS exports
if [ ${NFS_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no STRG-1926 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking NFS exports"
if [ ${SKIPTEST} -eq 0 ]; then
if [ ${SKIPTEST} -eq 0 ]; then
logtext "Test: check /etc/exports"
if [ -f /etc/exports ]; then
logtext "Result: /etc/exports exists"
@ -139,7 +139,7 @@
#
# Test : STRG-1928
# Description : Check for empty exports file while NFS is running
if [ ${NFS_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
if [ ${NFS_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no STRG-1928 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking empty /etc/exports"
if [ ${SKIPTEST} -eq 0 ]; then
if [ ${NFS_EXPORTS_EMPTY} -eq 1 ]; then

View File

@ -50,9 +50,13 @@
# Test : HTTP-6622
# Description : Test for Apache installation
# Notes : Do not run on NetBSD, -v is unknown option for httpd binary
# On OpenBSD do not run /usr/sbin/httpd with -v: builtin non-Apache
if [ ! "${OS}" = "NetBSD" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no HTTP-6622 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking Apache presence"
if [ ${SKIPTEST} -eq 0 ]; then
if [ "${OS}" = "OpenBSD" -a "${HTTPDBINARY}" = "/usr/sbin/httpd" ]; then
HTTPDBINARY=""
fi
if [ "${HTTPDBINARY}" = "" ]; then
Display --indent 2 --text "- Checking Apache" --result "NOT FOUND" --color WHITE
else
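Review bot: The OpenBSD branch clears `HTTPDBINARY` without writing anything to the log, so on OpenBSD the test falls through to the `NOT FOUND` display with no record of why. Add a `logtext` line inside the `if` stating that /usr/sbin/httpd is the built-in, non-Apache daemon and is being skipped. `HTTPDBINARY` is also overwritten rather than copied to a local variable, so any later test that reads it will see it empty; if that is intended, say so in the Notes comment. This is a functional change in a commit whose other hunks are mostly whitespace cleanup, so it would be easier to review and revert as its own commit.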
@ -194,9 +198,9 @@
# # Configuration specific tests
# SERVERTOKENSFOUND=0
# APACHE_CONFIGFILES="${APACHE_CONFIGFILE} /usr/local/etc/apache22/extra/httpd-default.conf /etc/apache2/sysconfig.d/global.conf"
#
#
# for APACHE_CONFIGFILE in ${APACHE_CONFIGFILES}; do
# if [ -f ${APACHE_CONFIGFILE} ]; then
# if [ -f ${APACHE_CONFIGFILE} ]; then
# # Check if option ServerTokens is configured
# SERVERTOKENSTEST=`cat ${APACHE_CONFIGFILE} | grep ServerTokens | grep -v '^#'`
# if [ ! "${SERVERTOKENSTEST}" = "" ]; then
@ -215,17 +219,17 @@
# else
# Display --indent 4 --text "- Checking option ServerTokens" --result "NOT FOUND" --color WHITE
# fi
#
#
# else
# # File does not exist, skipping
# logtext "File ${APACHE_CONFIGFILE} does not exist, so skipping tests on this file"
# fi
# done
#
#
# # Display results from checks
# if [ ${SERVERTOKENSFOUND} -eq 1 ]; then
# Display --indent 6 --text "- Value of ServerTokens" --result OK --color GREEN
# else
# else
# Display --indent 6 --text "- Value of ServerTokens" --result WARNING --color RED
# ReportWarning ${TEST_NO} "M" "Value of 'ServerTokens' in Apache config is different than template"
# fi
@ -418,6 +422,7 @@
# Remove temp file
if [ ! "${TMPFILE}" = "" ]; then if [ -f ${TMPFILE} ]; then rm -f ${TMPFILE}; fi; fi
N=0
cat ${NGINX_CONF_LOCATION} | sed -e 's/^[ \t]*//' | grep -v "^#" | grep -v "^$" | sed 's/[\t]/ /g' | sed 's/ / /g' | sed 's/ / /g' >> ${TMPFILE}
# Search for included configuration files (may include directories and wild cards)
FIND=`grep "include" ${NGINX_CONF_LOCATION} | ${AWKBINARY} '{ if ($1=="include") { print $2 }}' | sed 's/;$//g'`
for I in ${FIND}; do
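Review bot: The `cat ${NGINX_CONF_LOCATION} | sed -e 's/^[ \t]*//' ... >> ${TMPFILE}` line appends to `${TMPFILE}` unconditionally, although the cleanup two lines above it allows for `TMPFILE` being empty; in that case the redirection has no target and the command fails. Guard the append with the same non-empty check and quote both variables. The `[ \t]` bracket expression is also not portable: in a POSIX bracket expression the backslash is literal, so on a non-GNU sed this strips leading spaces, backslashes and the letter `t` rather than tabs. Use a literal tab or `[[:space:]]` instead.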

2
lynis
View File

@ -488,7 +488,7 @@
echo " Program version: ${PROGRAM_version}"
echo " Operating system: ${OS}"
echo " Operating system name: ${OS_NAME}"
echo " Operating system version: ${OS_VERSION}"
echo " Operating system version: ${OS_VERSION}"
if [ ! "${OS_MODE}" = "" ]; then echo " Operating system mode: ${OS_MODE}"; fi
echo " Kernel version: ${OS_KERNELVERSION}"
echo " Hardware platform: ${HARDWARE}"