tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add root-only to some tests

This commit is contained in:
mboelen 2014-09-08 15:41:57 +02:00
parent f581c5181a
commit f5ec6027b9
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/tests_firewalls
View File

@ -94,7 +94,7 @@
# Test : FIRE-4512
# Description : Check iptables for empty ruleset
if [ ! "${IPTABLESBINARY}" = "" -a ${IPTABLES_ACTIVE} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FIRE-4512 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --description "Check iptables for empty ruleset"
Register --test-no FIRE-4512 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --root-only YES --description "Check iptables for empty ruleset"
if [ ${SKIPTEST} -eq 0 ]; then
FIND=`${IPTABLESBINARY} --list --numeric | egrep -v "^(Chain|target|$)" | wc -l | tr -d ' '`
if [ "${FIND}" = "0" ]; then
@ -115,7 +115,7 @@
# Test : FIRE-4513
# Description : Check iptables for unused rules
if [ ! "${IPTABLESBINARY}" = "" -a ${IPTABLES_ACTIVE} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FIRE-4513 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --description "Check iptables for unused rules"
Register --test-no FIRE-4513 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --root-only YES --description "Check iptables for unused rules"
if [ ${SKIPTEST} -eq 0 ]; then
FIND=`${IPTABLESBINARY} --list --numeric --line-numbers --verbose | awk '{ if ($2=="0") print $1 }' | xargs`
if [ "${FIND}" = "" ]; then