tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-25 23:05:01 +02:00
Code Issues Packages Projects Releases Wiki Activity

Removed unneeded field

Browse Source
This commit is contained in:
Michael Boelen 2016-08-10 07:24:10 +02:00
parent fc2d9b935c
commit f9b2993f35
17 changed files with 37 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
include/helper_audit_dockerfile
View File

@ -97,7 +97,7 @@ InsertSection "Basics"
FIND=`egrep "^MAINTAINER" ${AUDIT_FILE} | sed 's/ /:space:/g'` FIND=`egrep "^MAINTAINER" ${AUDIT_FILE} | sed 's/ /:space:/g'`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
ReportWarning "dockerfile" "L" "No maintainer found. Unclear who created this file." ReportWarning "dockerfile" "No maintainer found. Unclear who created this file."
else else
MAINTAINER=`echo ${FIND} | sed 's/:space:/ /g' | awk '{ if($1=="MAINTAINER") { print }}'` MAINTAINER=`echo ${FIND} | sed 's/:space:/ /g' | awk '{ if($1=="MAINTAINER") { print }}'`
Display --indent 2 --text "Maintainer" --result "${MAINTAINER}" Display --indent 2 --text "Maintainer" --result "${MAINTAINER}"
@ -125,7 +125,7 @@ InsertSection "Basics"
FIND=`egrep " (gcc|libc6-dev|make)" ${AUDIT_FILE} | grep -v "^#"` FIND=`egrep " (gcc|libc6-dev|make)" ${AUDIT_FILE} | grep -v "^#"`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
ReportWarning "dockerfile" "L" "Possible development utilities found, which is not advised for production environment" ReportWarning "dockerfile" "Possible development utilities found, which is not advised for production environment"
LogText "Details: ${FIND}" LogText "Details: ${FIND}"
fi fi
@ -160,7 +160,7 @@ InsertSection "Basics"
FIND=`grep "^ADD http" ${AUDIT_FILE}` FIND=`grep "^ADD http" ${AUDIT_FILE}`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
FILE_DOWNLOAD=1 FILE_DOWNLOAD=1
ReportWarning "dockerfile" "L" "Found download of file via ADD. Unclear if the integrity of this file is checked, or file is signed" ReportWarning "dockerfile" "Found download of file via ADD. Unclear if the integrity of this file is checked, or file is signed"
LogText "Details: ${FIND}" LogText "Details: ${FIND}"
fi fi
@ -193,7 +193,7 @@ InsertSection "Basics"
FIND=`grep -i "chmod 777" ${AUDIT_FILE}` FIND=`grep -i "chmod 777" ${AUDIT_FILE}`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
ReportWarning "dockerfile" "L" "Warning: chmod 777 found" ReportWarning "dockerfile" "Warning: chmod 777 found"
fi fi
# #
################################################################################################## ##################################################################################################

2
include/tests_accounting
View File

@ -235,7 +235,7 @@
else else
LogText "Result: no log file found" LogText "Result: no log file found"
Display --indent 4 --text "- Checking auditd log file" --result "${STATUS_WARNING}" --color RED Display --indent 4 --text "- Checking auditd log file" --result "${STATUS_WARNING}" --color RED
ReportWarning ${TEST_NO} "L" "Auditd log file is defined but can not be found on disk" ReportWarning ${TEST_NO} "Auditd log file is defined but can not be found on disk"
fi fi
fi fi
# #

4
include/tests_authentication
View File

@ -782,7 +782,7 @@
else else
LogText "Result: option present, no password needed at single user mode login" LogText "Result: option present, no password needed at single user mode login"
Display --indent 2 --text "- Checking Solaris /etc/default/sulogin file" --result "${STATUS_WARNING}" --color RED Display --indent 2 --text "- Checking Solaris /etc/default/sulogin file" --result "${STATUS_WARNING}" --color RED
ReportWarning ${TEST_NO} "H" "No password needed for single user mode login" ReportWarning ${TEST_NO} "No password needed for single user mode login"
AddHP 0 1 AddHP 0 1
fi fi
else else
@ -891,7 +891,7 @@
if [ ${FOUND} -eq 0 ]; then if [ ${FOUND} -eq 0 ]; then
LogText "Result: option not set, no password needed at single user mode boot" LogText "Result: option not set, no password needed at single user mode boot"
Display --indent 2 --text "- Checking Linux single user mode authentication" --result "${STATUS_WARNING}" --color RED Display --indent 2 --text "- Checking Linux single user mode authentication" --result "${STATUS_WARNING}" --color RED
ReportWarning ${TEST_NO} "L" "No password set for single mode" ReportWarning ${TEST_NO} "No password set for single mode"
ReportSuggestion ${TEST_NO} "Set password for single user mode to minimize physical access attack surface" ReportSuggestion ${TEST_NO} "Set password for single user mode to minimize physical access attack surface"
AddHP 0 2 AddHP 0 2
else else

2
include/tests_banners
View File

@ -75,7 +75,7 @@
# if IsWorldWritable /etc/motd; then # if IsWorldWritable /etc/motd; then
# Display --indent 4 --text "- /etc/motd permissions" --result "${STATUS_WARNING}" --color RED # Display --indent 4 --text "- /etc/motd permissions" --result "${STATUS_WARNING}" --color RED
# LogText "Result: /etc/motd is world writable. Users can change this file!" # LogText "Result: /etc/motd is world writable. Users can change this file!"
# ReportWarning ${TEST_NO} "H" "/etc/motd is world writable" # ReportWarning ${TEST_NO} "/etc/motd is world writable"
# else # else
# Display --indent 4 --text "- /etc/motd permissions" --result "${STATUS_OK}" --color GREEN # Display --indent 4 --text "- /etc/motd permissions" --result "${STATUS_OK}" --color GREEN
# LogText "Result: /etc/motd is not world writable." # LogText "Result: /etc/motd is not world writable."

2
include/tests_boot_services
View File

@ -658,7 +658,7 @@
LogText "Test: Checking ${CHECKFILE} file for writable bit" LogText "Test: Checking ${CHECKFILE} file for writable bit"
if IsWorldWritable ${CHECKFILE}; then if IsWorldWritable ${CHECKFILE}; then
FOUND=1 FOUND=1
ReportWarning ${TEST_NO} "H" "Found writable startup script ${CHECKFILE}" ReportWarning ${TEST_NO} "Found writable startup script ${CHECKFILE}"
LogText "Result: warning, file ${CHECKFILE} is world writable" LogText "Result: warning, file ${CHECKFILE} is world writable"
else else
LogText "Result: good, file ${CHECKFILE} not world writable" LogText "Result: good, file ${CHECKFILE} not world writable"

2
include/tests_databases
View File

@ -76,7 +76,7 @@
FIND=`${MYSQLCLIENTBINARY} -u root --password= --silent --batch --execute="" 2> /dev/null; echo $?` FIND=`${MYSQLCLIENTBINARY} -u root --password= --silent --batch --execute="" 2> /dev/null; echo $?`
if [ "${FIND}" = "0" ]; then if [ "${FIND}" = "0" ]; then
LogText "Result: Login succeeded, no MySQL root password set!" LogText "Result: Login succeeded, no MySQL root password set!"
ReportWarning ${TEST_NO} "H" "No MySQL root password set" ReportWarning ${TEST_NO} "No MySQL root password set"
Display --indent 4 --text "- Checking empty MySQL root password" --result "${STATUS_WARNING}" --color RED Display --indent 4 --text "- Checking empty MySQL root password" --result "${STATUS_WARNING}" --color RED
AddHP 0 5 AddHP 0 5
else else

4
include/tests_filesystems
View File

@ -283,7 +283,7 @@
else else
Display --indent 2 --text "- Testing swap partitions" --result "CHECK NEEDED" --color YELLOW Display --indent 2 --text "- Testing swap partitions" --result "CHECK NEEDED" --color YELLOW
LogText "Result: possible incorrect mount options used for mounting swap partition (${FIND})" LogText "Result: possible incorrect mount options used for mounting swap partition (${FIND})"
#ReportWarning ${TEST_NO} "L" "Possible incorrect mount options used for swap parition (${FIND})" #ReportWarning ${TEST_NO} "Possible incorrect mount options used for swap parition (${FIND})"
ReportSuggestion ${TEST_NO} "Check your /etc/fstab file for swap partition mount options" ReportSuggestion ${TEST_NO} "Check your /etc/fstab file for swap partition mount options"
LogText "Notes: usually swap partition have 'sw' or 'swap' in the options field (4th)" LogText "Notes: usually swap partition have 'sw' or 'swap' in the options field (4th)"
fi fi
@ -367,7 +367,7 @@
AddHP 3 3 AddHP 3 3
else else
Display --indent 2 --text "- Checking /tmp sticky bit" --result "${STATUS_WARNING}" --color RED Display --indent 2 --text "- Checking /tmp sticky bit" --result "${STATUS_WARNING}" --color RED
ReportWarning ${TEST_NO} "H" "No sticky bit found on /tmp directory, which can be dangerous!" ReportWarning ${TEST_NO} "No sticky bit found on /tmp directory, which can be dangerous!"
ReportSuggestion ${TEST_NO} "Consult documentation and place the sticky bit, to prevent users deleting (by other owned) files in the /tmp directory." ReportSuggestion ${TEST_NO} "Consult documentation and place the sticky bit, to prevent users deleting (by other owned) files in the /tmp directory."
AddHP 0 3 AddHP 0 3
fi fi

6
include/tests_firewalls
View File

@ -156,7 +156,7 @@
FIREWALL_EMPTY_RULESET=1 FIREWALL_EMPTY_RULESET=1
LogText "Result: iptables ruleset seems to be empty (found ${FIND} rules)" LogText "Result: iptables ruleset seems to be empty (found ${FIND} rules)"
Display --indent 4 --text "- Checking for empty ruleset" --result "${STATUS_WARNING}" --color RED Display --indent 4 --text "- Checking for empty ruleset" --result "${STATUS_WARNING}" --color RED
ReportWarning ${TEST_NO} "L" "iptables module(s) loaded, but no rules active" ReportWarning ${TEST_NO} "iptables module(s) loaded, but no rules active"
else else
LogText "Result: one or more rules are available (${FIND} rules)" LogText "Result: one or more rules are available (${FIND} rules)"
Display --indent 4 --text "- Checking for empty ruleset" --result "${STATUS_OK}" --color GREEN Display --indent 4 --text "- Checking for empty ruleset" --result "${STATUS_OK}" --color GREEN
@ -181,7 +181,7 @@
LogText "Description: Unused rules can be a sign that the firewall rules aren't optimized or up-to-date" LogText "Description: Unused rules can be a sign that the firewall rules aren't optimized or up-to-date"
LogText "Note: Sometimes rules aren't triggered but still in use. Keep this in mind before cleaning up rules." LogText "Note: Sometimes rules aren't triggered but still in use. Keep this in mind before cleaning up rules."
LogText "Output: iptables rule numbers: ${FIND}" LogText "Output: iptables rule numbers: ${FIND}"
#ReportWarning ${TEST_NO} "L" "Found possible unused iptables rules ($FIND)" #ReportWarning ${TEST_NO} "Found possible unused iptables rules ($FIND)"
ReportSuggestion ${TEST_NO} "Check iptables rules to see which rules are currently not used" ReportSuggestion ${TEST_NO} "Check iptables rules to see which rules are currently not used"
LogText "Tip: iptables --list --numeric --line-numbers --verbose" LogText "Tip: iptables --list --numeric --line-numbers --verbose"
fi fi
@ -272,7 +272,7 @@
else else
Display --indent 4 --text "- Checking pf configuration consistency" --result "${STATUS_WARNING}" --color RED Display --indent 4 --text "- Checking pf configuration consistency" --result "${STATUS_WARNING}" --color RED
LogText "Result: found one or more warnings in the pf filter rules" LogText "Result: found one or more warnings in the pf filter rules"
ReportWarning ${TEST_NO} "H" "Found one or more warnings in pf configuration file" ReportWarning ${TEST_NO} "Found one or more warnings in pf configuration file"
ReportSuggestion ${TEST_NO} "Run 'pfctl -n -f /etc/pf.conf -vvv' to see available pf warnings" ReportSuggestion ${TEST_NO} "Run 'pfctl -n -f /etc/pf.conf -vvv' to see available pf warnings"
fi fi
else else

2
include/tests_kernel
View File

@ -587,7 +587,7 @@
AddHP 5 5 AddHP 5 5
elif [ ${REBOOT_NEEDED} -eq 1 ]; then elif [ ${REBOOT_NEEDED} -eq 1 ]; then
Display --indent 2 --text "- Check if reboot is needed" --result "${STATUS_YES}" --color RED Display --indent 2 --text "- Check if reboot is needed" --result "${STATUS_YES}" --color RED
ReportWarning ${TEST_NO} "H" "Reboot of system is most likely needed" ReportWarning ${TEST_NO} "Reboot of system is most likely needed"
AddHP 0 5 AddHP 0 5
else else
Display --indent 2 --text "- Check if reboot is needed" --result "${STATUS_UNKNOWN}" --color YELLOW Display --indent 2 --text "- Check if reboot is needed" --result "${STATUS_UNKNOWN}" --color YELLOW

8
include/tests_logging
View File

@ -92,7 +92,7 @@
else else
LogText "Result: Syslog-NG configuration file seems NOT to be consistent" LogText "Result: Syslog-NG configuration file seems NOT to be consistent"
Display --indent 6 --text "- Checking Syslog-NG consistency" --result "${STATUS_WARNING}" --color RED Display --indent 6 --text "- Checking Syslog-NG consistency" --result "${STATUS_WARNING}" --color RED
ReportWarning ${TEST_NO} "L" "Found one or more problems in Syslog-NG configuration file" ReportWarning ${TEST_NO} "Found one or more problems in Syslog-NG configuration file"
ReportSuggestion ${TEST_NO} "Check the Syslog-NG configuration file and/or run a manual consistency check with: syslog-ng -s" ReportSuggestion ${TEST_NO} "Check the Syslog-NG configuration file and/or run a manual consistency check with: syslog-ng -s"
fi fi
fi fi
@ -191,7 +191,7 @@
else else
LogText "Result: No klogd found" LogText "Result: No klogd found"
Display --indent 4 --text "- Checking klogd" --result "${STATUS_NOT_FOUND}" --color RED Display --indent 4 --text "- Checking klogd" --result "${STATUS_NOT_FOUND}" --color RED
ReportWarning ${TEST_NO} "L" "klogd is not running, which could lead to missing kernel messages in log files" ReportWarning ${TEST_NO} "klogd is not running, which could lead to missing kernel messages in log files"
fi fi
else else
LogText "Result: test skipped, because other facility is being used to log kernel messages" LogText "Result: test skipped, because other facility is being used to log kernel messages"
@ -214,7 +214,7 @@
Display --indent 4 --text "- Checking minilogd instances" --result "${STATUS_WARNING}" --color RED Display --indent 4 --text "- Checking minilogd instances" --result "${STATUS_WARNING}" --color RED
LogText "Result: minilogd found in process list" LogText "Result: minilogd found in process list"
# minilogd daemon seems to be running # minilogd daemon seems to be running
ReportWarning ${TEST_NO} "L" "minilogd is running, which should normally not be running" ReportWarning ${TEST_NO} "minilogd is running, which should normally not be running"
fi fi
fi fi
# #
@ -327,7 +327,7 @@
else else
Display --indent 2 --text "- Checking loghost entry" --result "${STATUS_WARNING}" --color RED Display --indent 2 --text "- Checking loghost entry" --result "${STATUS_WARNING}" --color RED
LogText "Result: No loghost entry found" LogText "Result: No loghost entry found"
ReportWarning ${TEST_NO} "L" "No loghost entry found" ReportWarning ${TEST_NO} "No loghost entry found"
ReportSuggestion ${TEST_NO} "Add a loghost entry to /etc/inet/hosts or other name services" ReportSuggestion ${TEST_NO} "Add a loghost entry to /etc/inet/hosts or other name services"
fi fi
fi fi

6
include/tests_nameservices
View File

@ -84,7 +84,7 @@
if [ ${N} -gt 6 ]; then if [ ${N} -gt 6 ]; then
LogText "Result: Found ${N} search domains" LogText "Result: Found ${N} search domains"
Display --indent 2 --text "- Checking search domains" --result "${STATUS_WARNING}" --color YELLOW Display --indent 2 --text "- Checking search domains" --result "${STATUS_WARNING}" --color YELLOW
ReportWarning ${TEST_NO} "L" "Found more than 6 search domains, which is usually more than the maximum allowed number in most resolvers" ReportWarning ${TEST_NO} "Found more than 6 search domains, which is usually more than the maximum allowed number in most resolvers"
else else
LogText "Result: Found ${N} search domains" LogText "Result: Found ${N} search domains"
Display --indent 2 --text "- Checking search domains" --result "${STATUS_FOUND}" --color GREEN Display --indent 2 --text "- Checking search domains" --result "${STATUS_FOUND}" --color GREEN
@ -100,7 +100,7 @@
if [ ! "${FIND}" = "0" -a ! "${FIND}" = "1" ]; then if [ ! "${FIND}" = "0" -a ! "${FIND}" = "1" ]; then
LogText "Result: found ${FIND} line(s) with a search statement (expecting less than 2 lines)" LogText "Result: found ${FIND} line(s) with a search statement (expecting less than 2 lines)"
Display --indent 4 --text "- Checking search domains lines" --result "CONFIG ERROR" --color YELLOW Display --indent 4 --text "- Checking search domains lines" --result "CONFIG ERROR" --color YELLOW
ReportWarning ${TEST_NO} "L" "Found more than 1 search lines in /etc/resolv.conf, which is probably a misconfiguration" ReportWarning ${TEST_NO} "Found more than 1 search lines in /etc/resolv.conf, which is probably a misconfiguration"
else else
LogText "Result: found ${FIND} line(s) with a search statement (expecting less than 2 lines)" LogText "Result: found ${FIND} line(s) with a search statement (expecting less than 2 lines)"
fi fi
@ -280,7 +280,7 @@
else else
LogText "Result: Unbound daemon is not running" LogText "Result: Unbound daemon is not running"
Display --indent 2 --text "- Checking configuration file" --result "NOT OK" --color YELLOW Display --indent 2 --text "- Checking configuration file" --result "NOT OK" --color YELLOW
ReportWarning "${TEST_NO}" "L" "Found Unbound configuration file issues (run unbound-checkconf)" ReportWarning "${TEST_NO}" "Found Unbound configuration file issues (run unbound-checkconf)"
fi fi
else else
LogText "Result: skipped, can't find unbound-checkconf utility" LogText "Result: skipped, can't find unbound-checkconf utility"

8
include/tests_networking
View File

@ -147,7 +147,7 @@
LogText "Result: nameserver ${I} does NOT respond" LogText "Result: nameserver ${I} does NOT respond"
LogText "Exit-code from dig: ${DNSRESPONSE}" LogText "Exit-code from dig: ${DNSRESPONSE}"
ReportSuggestion ${TEST_NO} "Check connection to this nameserver and make sure no outbound DNS queries are blocked (port 53 UDP and TCP)." ReportSuggestion ${TEST_NO} "Check connection to this nameserver and make sure no outbound DNS queries are blocked (port 53 UDP and TCP)."
ReportWarning ${TEST_NO} "L" "Nameserver ${I} does not respond" ReportWarning ${TEST_NO} "Nameserver ${I} does not respond"
fi fi
else else
LogText "Result: Nameserver test for ${I} skipped, 'dig' not installed" LogText "Result: Nameserver test for ${I} skipped, 'dig' not installed"
@ -169,7 +169,7 @@
if [ ${NUMBERACTIVENS} -lt 2 ]; then if [ ${NUMBERACTIVENS} -lt 2 ]; then
Display --indent 4 --text "- Minimal of 2 responsive nameservers" --result "${STATUS_WARNING}" --color RED Display --indent 4 --text "- Minimal of 2 responsive nameservers" --result "${STATUS_WARNING}" --color RED
LogText "Result: less than 2 responsive nameservers found" LogText "Result: less than 2 responsive nameservers found"
ReportWarning ${TEST_NO} "L" "Couldn't find 2 responsive nameservers" ReportWarning ${TEST_NO} "Couldn't find 2 responsive nameservers"
LogText "Note: Non responsive nameservers can give problems for your system(s). Like the lack of recursive lookups, bad connectivity to update servers etc." LogText "Note: Non responsive nameservers can give problems for your system(s). Like the lack of recursive lookups, bad connectivity to update servers etc."
ReportSuggestion ${TEST_NO} "Check your resolv.conf file and fill in a backup nameserver if possible" ReportSuggestion ${TEST_NO} "Check your resolv.conf file and fill in a backup nameserver if possible"
AddHP 1 2 AddHP 1 2
@ -487,7 +487,7 @@
# Check if this interface was whitelisted # Check if this interface was whitelisted
if [ ${WHITELISTED} -eq 0 ]; then if [ ${WHITELISTED} -eq 0 ]; then
FOUNDPROMISC=1 FOUNDPROMISC=1
ReportWarning ${TEST_NO} "H" "Found promiscuous interface (${I})" ReportWarning ${TEST_NO} "Found promiscuous interface (${I})"
LogText "Note: some tools put an interface into promiscuous mode, to capture/log network traffic" LogText "Note: some tools put an interface into promiscuous mode, to capture/log network traffic"
else else
LogText "Result: Found promiscuous interface ${I} (*whitelisted via profile*)" LogText "Result: Found promiscuous interface ${I} (*whitelisted via profile*)"
@ -522,7 +522,7 @@
ISWHITELISTED=`grep "^if_promisc:${I}:" ${PROFILE}` ISWHITELISTED=`grep "^if_promisc:${I}:" ${PROFILE}`
if [ "${ISWHITELISTED}" = "" ]; then if [ "${ISWHITELISTED}" = "" ]; then
FOUNDPROMISC=1 FOUNDPROMISC=1
ReportWarning ${TEST_NO} "H" "Found promiscuous interface (${I})" ReportWarning ${TEST_NO} "Found promiscuous interface (${I})"
LogText "Note: some tools put an interface into promiscuous mode, to capture/log network traffic" LogText "Note: some tools put an interface into promiscuous mode, to capture/log network traffic"
else else
LogText "Result: Found promiscuous interface ${I} (*whitelisted via profile*)" LogText "Result: Found promiscuous interface ${I} (*whitelisted via profile*)"

10
include/tests_ports_packages
View File

@ -313,7 +313,7 @@
else else
Display --indent 2 --text "- Using Zypper to find vulnerable packages" --result "${STATUS_WARNING}" --color RED Display --indent 2 --text "- Using Zypper to find vulnerable packages" --result "${STATUS_WARNING}" --color RED
LogText "Result: Zypper found one or more installed packages which are vulnerable." LogText "Result: Zypper found one or more installed packages which are vulnerable."
ReportWarning ${TEST_NO} "H" "Found one or more vulnerable packages installed" ReportWarning ${TEST_NO} "Found one or more vulnerable packages installed"
# Unfortunately zypper does not properly give back which package it is. Usually best guess is last word on the line # Unfortunately zypper does not properly give back which package it is. Usually best guess is last word on the line
FIND=`${ZYPPERBINARY} -n lp | ${AWKBINARY} '{ if ($5=="security" || $7=="security") { print $NF }}' | sed 's/:$//' | grep -v "^$" | sort -u` FIND=`${ZYPPERBINARY} -n lp | ${AWKBINARY} '{ if ($5=="security" || $7=="security") { print $NF }}' | sed 's/:$//' | grep -v "^$" | sort -u`
LogText "List of vulnerable packages/version:" LogText "List of vulnerable packages/version:"
@ -447,7 +447,7 @@
# Decrease hardening points for every found vulnerable package # Decrease hardening points for every found vulnerable package
AddHP 1 2 AddHP 1 2
done done
ReportWarning ${TEST_NO} "H" "Found one or more vulnerable packages. Run: dnf upgrade" ReportWarning ${TEST_NO} "Found one or more vulnerable packages. Run: dnf upgrade"
Display --indent 2 --text "- Using DNF to find vulnerable packages" --result "${STATUS_WARNING}" --color RED Display --indent 2 --text "- Using DNF to find vulnerable packages" --result "${STATUS_WARNING}" --color RED
else else
@ -711,7 +711,7 @@
else else
LogText "Result: One or more duplicate packages found" LogText "Result: One or more duplicate packages found"
Display --indent 2 --text "- Checking package database duplicates" --result "${STATUS_WARNING}" --color RED Display --indent 2 --text "- Checking package database duplicates" --result "${STATUS_WARNING}" --color RED
ReportWarning ${TEST_NO} "L" "Found one or more duplicate packages installed" ReportWarning ${TEST_NO} "Found one or more duplicate packages installed"
ReportSuggestion ${TEST_NO} "Run package-cleanup to solve duplicate package problems" ReportSuggestion ${TEST_NO} "Run package-cleanup to solve duplicate package problems"
fi fi
@ -724,7 +724,7 @@
else else
LogText "Result: One or more problems found in package database" LogText "Result: One or more problems found in package database"
Display --indent 2 --text "- Checking package database for problems" --result "${STATUS_WARNING}" --color RED Display --indent 2 --text "- Checking package database for problems" --result "${STATUS_WARNING}" --color RED
ReportWarning ${TEST_NO} "L" "Found one or more problems in the package database" ReportWarning ${TEST_NO} "Found one or more problems in the package database"
ReportSuggestion ${TEST_NO} "Run package-cleanup to solve package problems" ReportSuggestion ${TEST_NO} "Run package-cleanup to solve package problems"
fi fi
else else
@ -1012,7 +1012,7 @@
VULNERABLE_PACKAGES_FOUND=1 VULNERABLE_PACKAGES_FOUND=1
Display --indent 2 --text "- Checking vulnerable packages (glsa-check)" --result "${STATUS_FOUND}" --color RED Display --indent 2 --text "- Checking vulnerable packages (glsa-check)" --result "${STATUS_FOUND}" --color RED
LogText "Result: found ${FIND} security updates with glsa-check" LogText "Result: found ${FIND} security updates with glsa-check"
ReportWarning "${TEST_NO}" "H" "Found ${FIND} security update(s) with glsa-check." ReportWarning "${TEST_NO}" "Found ${FIND} security update(s) with glsa-check."
LogText "Notes: Run 'glsa-check -t all' to see which GLSA(s) were identified." LogText "Notes: Run 'glsa-check -t all' to see which GLSA(s) were identified."
AddHP 0 25 AddHP 0 25
fi fi

2
include/tests_shells
View File

@ -392,7 +392,7 @@
fi fi
if [ ${FOUND} -eq 1 ]; then if [ ${FOUND} -eq 1 ]; then
ReportWarning ${TEST_NO} "H" "System vulnerable to Shellshock (bash)" ReportWarning ${TEST_NO} "System vulnerable to Shellshock (bash)"
AddHP 0 25 AddHP 0 25
else else
AddHP 5 5 AddHP 5 5

2
include/tests_squid
View File

@ -257,7 +257,7 @@
AddHP 1 1 AddHP 1 1
else else
Display --indent 6 --text "- Checking ACL 'Safe_ports' (port ${I})" --result "${STATUS_FOUND}" --color RED Display --indent 6 --text "- Checking ACL 'Safe_ports' (port ${I})" --result "${STATUS_FOUND}" --color RED
ReportWarning ${TEST_NO} "H" "Squid configuration possibly allows relaying traffic via configured Safe_port ${I}" ReportWarning ${TEST_NO} "Squid configuration possibly allows relaying traffic via configured Safe_port ${I}"
AddHP 0 1 AddHP 0 1
fi fi
done done

2
include/tests_time
View File

@ -259,7 +259,7 @@
Display --indent 2 --text "- Checking high stratum ntp peers" --result "${STATUS_WARNING}" --color RED Display --indent 2 --text "- Checking high stratum ntp peers" --result "${STATUS_WARNING}" --color RED
LogText "Result: Found one or more high stratum (16) peers)" LogText "Result: Found one or more high stratum (16) peers)"
ReportSuggestion ${TEST_NO} "Check ntpq peers output" ReportSuggestion ${TEST_NO} "Check ntpq peers output"
ReportWarning ${TEST_NO} "L" "Found one or more stratum 16 peers" ReportWarning ${TEST_NO} "Found one or more stratum 16 peers"
fi fi
fi fi
fi fi

4
lynis
View File

@ -906,7 +906,7 @@ ${NORMAL}
. ${INCLUDE_FILE} . ${INCLUDE_FILE}
else else
LogText "Exception: skipping test category ${INCLUDE_TEST}, file ${INCLUDE_FILE} has bad permissions (should be 640, 600 or 400)" LogText "Exception: skipping test category ${INCLUDE_TEST}, file ${INCLUDE_FILE} has bad permissions (should be 640, 600 or 400)"
ReportWarning "NONE" "H" "Invalid permissions on tests file tests_${INCLUDE_TEST}" ReportWarning "NONE" "Invalid permissions on tests file tests_${INCLUDE_TEST}"
# Insert a section and warn user also on screen # Insert a section and warn user also on screen
InsertSection "General" InsertSection "General"
Display --indent 2 --text "- Running test category ${INCLUDE_TEST}... " --result "SKIPPED" --color RED Display --indent 2 --text "- Running test category ${INCLUDE_TEST}... " --result "SKIPPED" --color RED
@ -933,7 +933,7 @@ ${NORMAL}
. ${INCLUDEDIR}/tests_custom . ${INCLUDEDIR}/tests_custom
else else
LogText "Exception: skipping custom tests, file has bad permissions (should be 640, 600 or 400)" LogText "Exception: skipping custom tests, file has bad permissions (should be 640, 600 or 400)"
ReportWarning "NONE" "H" "Invalid permissions on custom tests file" ReportWarning "NONE" "Invalid permissions on custom tests file"
Display --indent 2 --text "- Running custom tests... " --result "WARNING" --color RED Display --indent 2 --text "- Running custom tests... " --result "WARNING" --color RED
fi fi
else else