tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-26 23:34:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update tests_firewalls

Browse Source
This commit is contained in:
nser77 2024-10-10 12:31:05 +02:00 committed by GitHub
parent 5d50814f04
commit fa9082ab77
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 118 additions and 106 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
include/tests_firewalls
View File

@ -112,7 +112,9 @@
tables="filter nat mangle raw security" tables="filter nat mangle raw security"
for t in ${tables} for t in ${tables}
do do
${IPTABLESBINARY} -t "${t}" -S -v -w 1 2>/dev/zero | while read -r line ${IPTABLESBINARY} -t "${t}" -S -v -w 1 2>/dev/zero |
{
while read -r line
do do
set -- ${line} set -- ${line}
while [ $# -gt 0 ] while [ $# -gt 0 ]
@ -203,13 +205,11 @@
then then
if [ "${j}" = "ACCEPT" ] if [ "${j}" = "ACCEPT" ]
then then
LogText "Result: Found ${j} for ${c} (table: ${t})" errqueue="${errqueue}\n${t} ${c} ${j} YELLOW"
Display --indent 6 --text "- Checking chain ${c} (table: ${t}, chain ${c})" --result "${j}" --color YELLOW
AddHP 1 3 AddHP 1 3
elif [ "${j}" = "DROP" ] elif [ "${j}" = "DROP" ]
then then
LogText "Result: Found ${j} for ${c} (table: ${t})" errqueue="${errqueue}\n${t} ${c} ${j} GREEN"
Display --indent 6 --text "- Checking chain ${c} (table: ${t}, chain ${c})" --result "${j}" --color GREEN
AddHP 3 3 AddHP 3 3
fi fi
elif [ "${c}" = "FORWARD" ] elif [ "${c}" = "FORWARD" ]
@ -223,16 +223,28 @@
then then
if [ "${j}" = "NFQUEUE" ] if [ "${j}" = "NFQUEUE" ]
then then
LogText "Result: Found ${j} for ${c} (table: ${t})" errqueue="${errqueue}\n${t} ${c} ${j} RED"
Display --indent 6 --text "- Checking chain ${c} (table: ${t}, chain ${c})" --result "${j}" --color RED
ReportSuggestion "${TEST_NO}" "Consider avoid ${j} target if possible (iptables chain ${c}, table: ${t})"
AddHP 0 3 AddHP 0 3
fi fi
fi fi
fi fi
done done
done
# resume # resume
echo ${errqueue} | ${SORTBINARY} -u | while read -r eq
do
set -- ${eq}
while [ $# -gt 0 ]
do
Display --indent 6 --text "Checking chain ${2} (table: ${1}, target: ${3})" --result "${3}" --color "${4}"
if [ "${3}" = "NFQUEUE" ]
then
ReportSuggestion "${TEST_NO}" "Consider avoid ${3} target if possible (iptables chain ${2}, table: ${1})"
fi
shift 4
done
done
}
done
fi fi
# #
################################################################################# #################################################################################