tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-31 01:34:23 +02:00
Code Issues Packages Projects Releases Wiki Activity

First round of cleanups and textual improvements

Browse Source
This commit is contained in:
Michael Boelen 2019-07-10 19:36:51 +02:00
parent 83d510934d
commit f5adb68e00
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
1 changed files with 58 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

111
include/functions
View File

@ -118,7 +118,8 @@
# Name : AddHP() # Name : AddHP()
# Description : Add hardening points and count them # Description : Add hardening points and count them
# #
# Input : $1 = points to add, $2 = maximum points for this item # Parameters : $1 = points to add (0 or higher)
# $2 = maximum points (at least value of $1 or higher)
# Returns : <nothing> # Returns : <nothing>
# Usage : AddHP 1 3 # Usage : AddHP 1 3
################################################################################ ################################################################################
@ -139,7 +140,9 @@
# Name : AddSetting() # Name : AddSetting()
# Description : Addition of a setting for display with 'lynis show settings' # Description : Addition of a setting for display with 'lynis show settings'
# #
# Input : $1 = setting, $2 = value, $3 description # Parameters : $1 = setting
# $2 = value
# $3 = description
# Returns : <nothing> # Returns : <nothing>
# Usage : AddSetting debug 1 'Debug mode' # Usage : AddSetting debug 1 'Debug mode'
################################################################################ ################################################################################
@ -163,7 +166,7 @@
TEMP_SETTINGS_FILE="${TEMP_FILE}" TEMP_SETTINGS_FILE="${TEMP_FILE}"
cat ${SETTINGS_FILE} > ${TEMP_SETTINGS_FILE} cat ${SETTINGS_FILE} > ${TEMP_SETTINGS_FILE}
sed -e '/^'"${SETTING}"';/d' ${TEMP_SETTINGS_FILE} > ${SETTINGS_FILE} sed -e '/^'"${SETTING}"';/d' ${TEMP_SETTINGS_FILE} > ${SETTINGS_FILE}
rm ${TEMP_SETTINGS_FILE} rm "${TEMP_SETTINGS_FILE}"
echo "${SETTING};${VALUE};${DESCRIPTION};" >> ${SETTINGS_FILE} echo "${SETTING};${VALUE};${DESCRIPTION};" >> ${SETTINGS_FILE}
fi fi
else else
@ -176,7 +179,7 @@
# Name : AddSystemGroup() # Name : AddSystemGroup()
# Description : Adds a system to a group, which can be used for categorizing # Description : Adds a system to a group, which can be used for categorizing
# #
# Input : Group name # Parameters : $1 = group name
# Returns : <nothing> # Returns : <nothing>
# Usage : AddSystemGroup "test" # Usage : AddSystemGroup "test"
################################################################################ ################################################################################
@ -190,13 +193,13 @@
# Name : CheckFilePermissions() # Name : CheckFilePermissions()
# Description : Check file permissions # Description : Check file permissions
# #
# Input : full path to file or directory # Parameters : Full path to file or directory
# Returns : PERMS (FILE_NOT_FOUND | OK | BAD) # Returns : PERMS (FILE_NOT_FOUND | OK | BAD)
# Notes : This function might be replaced in future # Notes : This function might be replaced in future
################################################################################ ################################################################################
CheckFilePermissions() { CheckFilePermissions() {
CHECKFILE=$1 CHECKFILE="$1"
if [ ! -d ${CHECKFILE} -a ! -f ${CHECKFILE} ]; then if [ ! -d ${CHECKFILE} -a ! -f ${CHECKFILE} ]; then
PERMS="FILE_NOT_FOUND" PERMS="FILE_NOT_FOUND"
else else
@ -217,13 +220,13 @@
# Name : CheckItem() # Name : CheckItem()
# Description : Check if a specific item exists in the report # Description : Check if a specific item exists in the report
# #
# Input : $1 = key, $2 = value # Parameters : $1 = key
# Returns : ITEM_FOUND # $2 = value
# Usage : CheckItem "key" "value" # Returns : True (0) or False (1)
# Usage : if CheckItem "key" "value"; then ....; fi
################################################################################ ################################################################################
CheckItem() { CheckItem() {
ITEM_FOUND=0
RETVAL=255 RETVAL=255
if [ $# -eq 2 ]; then if [ $# -eq 2 ]; then
# Don't search in /dev/null, it's too empty there # Don't search in /dev/null, it's too empty there
@ -232,7 +235,6 @@
LogText "Test: search string $2 in earlier discovered results" LogText "Test: search string $2 in earlier discovered results"
FIND=$(egrep "^$1(\[\])?=" ${REPORTFILE} | egrep "$2") FIND=$(egrep "^$1(\[\])?=" ${REPORTFILE} | egrep "$2")
if HasData "${FIND}"; then if HasData "${FIND}"; then
ITEM_FOUND=1
RETVAL=0 RETVAL=0
LogText "Result: found search string (result: $FIND)" LogText "Result: found search string (result: $FIND)"
else else
@ -2350,6 +2352,7 @@
# Colors with background # Colors with background
BG_BLUE="" BG_BLUE=""
BG_WARNING=""
# Semantic names # Semantic names
BAD="" BAD=""
@ -2364,14 +2367,15 @@
################################################################################ ################################################################################
# Name : RemovePIDFile() # Name : RemovePIDFile()
# Description : When defined, remove the file storing the process ID
################################################################################ ################################################################################
# Remove PID file # Remove PID file
RemovePIDFile() { RemovePIDFile() {
# Test if PIDFILE is defined, before checking file presence # Test if PIDFILE is defined, before checking file presence
if [ ! "${PIDFILE}" = "" ]; then if [ ! -z "${PIDFILE}" ]; then
if [ -f ${PIDFILE} ]; then if [ -f "${PIDFILE}" ]; then
rm -f $PIDFILE; rm -f "${PIDFILE}"
LogText "PID file removed (${PIDFILE})" LogText "PID file removed (${PIDFILE})"
else else
LogText "PID file not found (${PIDFILE})" LogText "PID file not found (${PIDFILE})"
@ -2382,6 +2386,7 @@
################################################################################ ################################################################################
# Name : RemoveTempFiles() # Name : RemoveTempFiles()
# Description : When created, delete any temporary file
################################################################################ ################################################################################
# Remove any temporary files # Remove any temporary files
@ -2392,10 +2397,10 @@
for FILE in ${TEMP_FILES}; do for FILE in ${TEMP_FILES}; do
# Temporary files should be in /tmp # Temporary files should be in /tmp
TMPFILE=$(echo ${FILE} | egrep "^/tmp/lynis" | grep -v "\.\.") TMPFILE=$(echo ${FILE} | egrep "^/tmp/lynis" | grep -v "\.\.")
if [ ! "${TMPFILE}" = "" ]; then if [ ! -z "${TMPFILE}" ]; then
if [ -f ${TMPFILE} ]; then if [ -f "${TMPFILE}" ]; then
LogText "Action: removing temporary file ${TMPFILE}" LogText "Action: removing temporary file ${TMPFILE}"
rm -f ${TMPFILE} rm -f "${TMPFILE}"
else else
LogText "Info: temporary file ${TMPFILE} was already removed" LogText "Info: temporary file ${TMPFILE} was already removed"
fi fi
@ -2411,6 +2416,7 @@
################################################################################ ################################################################################
# Name : Report() # Name : Report()
# Description : Store data in the report file
################################################################################ ################################################################################
Report() { Report() {
@ -2485,12 +2491,14 @@
################################################################################ ################################################################################
# Name : ReportException() # Name : ReportException()
# Description : Store an exceptional event in the report
#
# Parameters : $1 = test ID + colon + 2 numeric characters (TEST-1234:01)
# $2 = string (text)
################################################################################ ################################################################################
# Log exceptions # Log exceptions
ReportException() { ReportException() {
# 1 parameters
# <ID>:<2 char numeric>|text|
Report "exception_event[]=$1|$2|" Report "exception_event[]=$1|$2|"
LogText "Exception: test has an exceptional event ($1) with text $2" LogText "Exception: test has an exceptional event ($1) with text $2"
} }
@ -2498,11 +2506,12 @@
################################################################################ ################################################################################
# Name : ReportManual() # Name : ReportManual()
# Description : Add an item to the report that requires manual intervention
#
# Parameters : $1 = string (text)
################################################################################ ################################################################################
# Log manual actions to report file
ReportManual() { ReportManual() {
# 1 parameter: Text
Report "manual_event[]=$1" Report "manual_event[]=$1"
LogText "Manual: one or more manual actions are required for further testing of this control/plugin" LogText "Manual: one or more manual actions are required for further testing of this control/plugin"
} }
@ -2510,20 +2519,20 @@
################################################################################ ################################################################################
# Name : ReportSuggestion() # Name : ReportSuggestion()
# Description : Log a suggestion to the report file
#
# Parameters : <ID> <Suggestion> <Details> <Solution>
# $1 = Test ID - Lynis ID (use CUST-.... for your own tests)
# $2 = Suggestion - Suggestion text to be displayed
# $3 = Details - Specific item or details
# $4 = Solution - Optional link for additional information:
# * url:https://example.org/how-to-solve-link
# * text:Additional explanation
# * - (dash) for none
################################################################################ ################################################################################
# Log suggestions to report file
ReportSuggestion() { ReportSuggestion() {
TOTAL_SUGGESTIONS=$((TOTAL_SUGGESTIONS + 1)) TOTAL_SUGGESTIONS=$((TOTAL_SUGGESTIONS + 1))
# 4 parameters
# <ID> <Suggestion> <Details> <Solution>
# <ID> Lynis ID (use CUST-.... for your own tests)
# <Suggestion> Suggestion text to be displayed
# <Details> Specific item or details
# <Solution> Optional link for additional information:
# * url:http://site/link
# * text:Additional explanation
# * - for none
if [ $# -eq 0 ]; then echo "Not enough arguments provided for function ReportSuggestion"; ExitFatal; fi if [ $# -eq 0 ]; then echo "Not enough arguments provided for function ReportSuggestion"; ExitFatal; fi
if [ $# -ge 1 ]; then TEST="$1"; else TEST="UNKNOWN"; fi if [ $# -ge 1 ]; then TEST="$1"; else TEST="UNKNOWN"; fi
if [ $# -ge 2 ]; then MESSAGE="$2"; else MESSAGE="UNKNOWN"; fi if [ $# -ge 2 ]; then MESSAGE="$2"; else MESSAGE="UNKNOWN"; fi
@ -2537,9 +2546,9 @@
################################################################################ ################################################################################
# Name : ReportWarning() # Name : ReportWarning()
# Description : Log a warning to the report file
################################################################################ ################################################################################
# Log warning to report file
ReportWarning() { ReportWarning() {
TOTAL_WARNINGS=$((TOTAL_WARNINGS + 1)) TOTAL_WARNINGS=$((TOTAL_WARNINGS + 1))
# Old style # Old style
@ -2605,7 +2614,8 @@
################################################################################ ################################################################################
# Name : SafePerms() # Name : SafePerms()
# Description : # Description : Check if a file has safe permissions to be used
#
# Returns : 0 (file permissions OK) or break # Returns : 0 (file permissions OK) or break
################################################################################ ################################################################################
@ -2702,14 +2712,15 @@
# Name : SearchItem() # Name : SearchItem()
# Description : Search if a specific string exists in in a file # Description : Search if a specific string exists in in a file
# #
# Input : $1 = search key (string), $2 = file (string), $3 and later # Parameters : $1 = search key (string)
# are optional arguments # $2 = file (string)
# $3 = optional arguments:
# --sensitive - don't store results in log
# Returns : True (0) or False (1) # Returns : True (0) or False (1)
################################################################################ ################################################################################
SearchItem() { SearchItem() {
PERFORM_SCAN=0 PERFORM_SCAN=0
ITEM_FOUND=0
MASK_LOG=0 MASK_LOG=0
RETVAL=1 RETVAL=1
if [ $# -lt 2 ]; then if [ $# -lt 2 ]; then
@ -2737,8 +2748,7 @@
# Check if we can find the main type (with or without brackets) # Check if we can find the main type (with or without brackets)
LogText "Test: search string ${STRING} in file ${FILE}" LogText "Test: search string ${STRING} in file ${FILE}"
FIND=$(egrep "${STRING}" ${FILE}) FIND=$(egrep "${STRING}" ${FILE})
if [ ! "${FIND}" = "" ]; then if [ ! -z "${FIND}" ]; then
ITEM_FOUND=1
LogText "Result: found search string '${STRING}'" LogText "Result: found search string '${STRING}'"
if [ ${MASK_LOG} -eq 0 ]; then LogText "Full string returned: ${FIND}"; fi if [ ${MASK_LOG} -eq 0 ]; then LogText "Full string returned: ${FIND}"; fi
RETVAL=0 RETVAL=0
@ -2757,21 +2767,6 @@
} }
# Show result code (to be removed)
ShowResult() {
case $1 in
OK)
echo "[ ${OK}OK${NORMAL} ]"
;;
WARNING)
echo "[ ${WARNING}WARNING${NORMAL} ]"
# log the warning to our log file
#LogText "Warning: $2"
# add the warning to our report file
#Report "warning=$2"
;;
esac
}
################################################################################ ################################################################################
@ -3337,30 +3332,40 @@
################################################################################ ################################################################################
counttests() { counttests() {
DisplayWarning "Deprecated function used"
if IsDeveloperMode; then Debug "Warning: old counttests function is used. Please replace any reference with CountTests."; fi if IsDeveloperMode; then Debug "Warning: old counttests function is used. Please replace any reference with CountTests."; fi
CountTests CountTests
} }
logtext() { logtext() {
DisplayWarning "Deprecated function used"
if IsDeveloperMode; then Debug "Warning: old logtext function is used. Please replace any reference with LogText."; fi if IsDeveloperMode; then Debug "Warning: old logtext function is used. Please replace any reference with LogText."; fi
LogText "$1" LogText "$1"
} }
logtextbreak() { logtextbreak() {
DisplayWarning "Deprecated function used"
if IsDeveloperMode; then Debug "Warning: old logtextbreak function is used. Please replace any reference with LogTextBreak."; fi if IsDeveloperMode; then Debug "Warning: old logtextbreak function is used. Please replace any reference with LogTextBreak."; fi
LogTextBreak "$1" LogTextBreak "$1"
} }
report() { report() {
DisplayWarning "Deprecated function used"
if IsDeveloperMode; then Debug "Warning: old report function is used. Please replace any reference with Report."; fi if IsDeveloperMode; then Debug "Warning: old report function is used. Please replace any reference with Report."; fi
Report "$1" Report "$1"
} }
wait_for_keypress() { wait_for_keypress() {
DisplayWarning "Deprecated function used"
if IsDeveloperMode; then Debug "Warning: old wait_for_keypress function is used. Please replace any reference with WaitForKeyPress."; fi if IsDeveloperMode; then Debug "Warning: old wait_for_keypress function is used. Please replace any reference with WaitForKeyPress."; fi
WaitForKeyPress WaitForKeyPress
} }
ShowResult() {
DisplayWarning "Deprecated function used: ShowResult()"
if IsDeveloperMode; then Debug "Warning: old ShowResult() function is used. Please replace any reference with WaitForKeyPress."; fi
}
#================================================================================ #================================================================================