tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-23 13:54:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

Command line option for slow test threshold

Browse Source 
IMHO it should be OK to run long tests if we count with it.

Example:

    lynis audit system --slow-warning 300

Will warn when test takes longer than 300 seconds, instead of default 10.
This commit is contained in:
Kepi 2020-07-02 22:47:13 +02:00
parent 1da058d6de
commit f94817f66f
5 changed files with 21 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
extras/bash_completion.d/lynis
View File

@ -179,7 +179,7 @@ _lynis()
*) *)
COMPREPLY=( $( compgen -W ' \ COMPREPLY=( $( compgen -W ' \
--auditor --cronjob --debug --quick --quiet --logfile --no-colors --no-log --pentest --reverse-colors \ --auditor --cronjob --debug --quick --quiet --logfile --no-colors --no-log --pentest --reverse-colors \
--tests --tests-from-category --tests-from-group --upload --verbose' -- "$cur" ) ) --tests --tests-from-category --tests-from-group --upload --verbose --slow-warning' -- "$cur" ) )
;; ;;
esac esac

1
include/consts
View File

@ -273,6 +273,7 @@ ETC_PATHS="/etc /usr/local/etc"
SKIP_VM_DETECTION=0 SKIP_VM_DETECTION=0
SKIPREASON="" SKIPREASON=""
SKIPPED_TESTS_ROOTONLY="" SKIPPED_TESTS_ROOTONLY=""
SLOW_TEST_THRESHOLD=10
SMTPCTLBINARY="" SMTPCTLBINARY=""
SNORTBINARY="" SNORTBINARY=""
SSHKEYSCANBINARY="" SSHKEYSCANBINARY=""

2
include/functions
View File

@ -2586,7 +2586,7 @@
CURRENT_TS=$(GetTimestamp) CURRENT_TS=$(GetTimestamp)
if [ ${PREVIOUS_TS} -gt 0 ]; then if [ ${PREVIOUS_TS} -gt 0 ]; then
SLOW_TEST=0 SLOW_TEST=0
TIME_THRESHOLD=10 # seconds TIME_THRESHOLD=$SLOW_TEST_THRESHOLD # seconds
# Calculate timing and determine if we use seconds or nanoseconds (more precise) # Calculate timing and determine if we use seconds or nanoseconds (more precise)
TIME_DIFF=$((CURRENT_TS - PREVIOUS_TS)) TIME_DIFF=$((CURRENT_TS - PREVIOUS_TS))

17
include/parameters
View File

@ -423,6 +423,23 @@
QUIET=1 QUIET=1
;; ;;
# Warning when test is slow
--slow-warning)
if [ $# -gt 1 ]; then
shift
if [ "$1" -gt 0 ] 2>/dev/null; then
SLOW_TEST_THRESHOLD="$1"
else
echo "Argument has to be number."
exit 1
fi
else
echo "Specify threshold as number of seconds above which should Lynis warn about long test."
exit 1
fi
;;
--tests-category | --tests-categories | --view-categories | --list-categories | --show-categories) --tests-category | --tests-categories | --view-categories | --list-categories | --show-categories)
echo "Error: Deprecated option ($1)" echo "Error: Deprecated option ($1)"
exit 1 exit 1

1
lynis
View File

@ -453,6 +453,7 @@ ${YELLOW}Note: ${WHITE}Cancelling the program can leave temporary files behind${
${GRAY}--verbose${NORMAL} : Show more details on screen ${GRAY}--verbose${NORMAL} : Show more details on screen
${GRAY}--version (-V)${NORMAL} : Display version number and quit ${GRAY}--version (-V)${NORMAL} : Display version number and quit
${GRAY}--wait${NORMAL} : Wait between a set of tests ${GRAY}--wait${NORMAL} : Wait between a set of tests
${GRAY}--slow-warning ${BROWN}<seconds>${NORMAL} : Threshold for slow test warning in seconds (default 10)
${WHITE}Enterprise options${NORMAL} ${WHITE}Enterprise options${NORMAL}
${GRAY}--plugindir ${BROWN}<path>${NORMAL} : Define path of available plugins ${GRAY}--plugindir ${BROWN}<path>${NORMAL} : Define path of available plugins