Update tests_firewalls

nser77 2024-10-10 12:31:05 +02:00 committed by GitHub
parent 5d50814f04
commit fa9082ab77
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -112,127 +112,139 @@
tables="filter nat mangle raw security" tables="filter nat mangle raw security"
for t in ${tables} for t in ${tables}
do do
${IPTABLESBINARY} -t "${t}" -S -v -w 1 2>/dev/zero | while read -r line ${IPTABLESBINARY} -t "${t}" -S -v -w 1 2>/dev/zero |
do {
set -- ${line} while read -r line
while [ $# -gt 0 ]
do do
if [ "${1}" = "!" ] set -- ${line}
then while [ $# -gt 0 ]
not="${1}" do
if [ "${2}" = "-d" ] if [ "${1}" = "!" ]
then then
d="${not} ${3}" not="${1}"
shift 3 if [ "${2}" = "-d" ]
elif [ "${2}" = "-s" ] then
d="${not} ${3}"
shift 3
elif [ "${2}" = "-s" ]
then
s="${not} ${3}"
shift 3
elif [ "${2}" = "-i" ]
then
p="${not} ${3}"
shift 3
elif [ "${2}" = "-o" ]
then
o="${not} ${3}"
shift 3
elif [ "${2}" = "-f" ]
then
p="${not} ${3}"
shift 3
fi
shift
elif [ "${1}" = "-P" ]
then then
s="${not} ${3}" c="${2}"
j="${3}"
shift 3 shift 3
elif [ "${2}" = "-i" ] elif [ "${1}" = "-A" ] || [ "${1}" = "-N" ]
then then
p="${not} ${3}" c="${2}"
shift 3 shift 2
elif [ "${2}" = "-o" ] elif [ "${1}" = "-j" ]
then then
o="${not} ${3}" j="${2}"
shift 3 shift
elif [ "${2}" = "-f" ] elif [ "${1}" = "-p" ]
then then
p="${not} ${3}" p="${2}"
shift
elif [ "${1}" = "-d" ]
then
d="${2}"
shift
elif [ "${1}" = "-s" ]
then
s="${2}"
shift
elif [ "${1}" = "-m" ]
then
m="${2}"
shift
elif [ "${1}" = "-g" ]
then
g="${2}"
shift
elif [ "${1}" = "-i" ]
then
i="${2}"
shift
elif [ "${1}" = "-o" ]
then
o="${2}"
shift
elif [ "${1}" = "-f" ]
then
f="${2}"
shift
elif [ "${1}" = "-c" ]
then
pc="${2}"
bc="${3}"
shift 3 shift 3
else
shift
fi fi
shift done
elif [ "${1}" = "-P" ] # logics
if [ "${t}" = "filter" ] || [ "${t}" = "security" ]
then then
c="${2}" if [ "${c}" = "INPUT" ]
j="${3}" then
shift 3 if [ "${j}" = "ACCEPT" ]
elif [ "${1}" = "-A" ] || [ "${1}" = "-N" ] then
then errqueue="${errqueue}\n${t} ${c} ${j} YELLOW"
c="${2}" AddHP 1 3
shift 2 elif [ "${j}" = "DROP" ]
elif [ "${1}" = "-j" ] then
then errqueue="${errqueue}\n${t} ${c} ${j} GREEN"
j="${2}" AddHP 3 3
shift fi
elif [ "${1}" = "-p" ] elif [ "${c}" = "FORWARD" ]
then then
p="${2}" :
shift elif [ "${c}" = "OUTPUT" ]
elif [ "${1}" = "-d" ] then
then :
d="${2}" fi
shift if [ "${c}" = "INPUT" ] || [ "${c}" = "FORWARD" ] || [ "${c}" = "OUTPUT" ]
elif [ "${1}" = "-s" ] then
then if [ "${j}" = "NFQUEUE" ]
s="${2}" then
shift errqueue="${errqueue}\n${t} ${c} ${j} RED"
elif [ "${1}" = "-m" ] AddHP 0 3
then fi
m="${2}" fi
shift
elif [ "${1}" = "-g" ]
then
g="${2}"
shift
elif [ "${1}" = "-i" ]
then
i="${2}"
shift
elif [ "${1}" = "-o" ]
then
o="${2}"
shift
elif [ "${1}" = "-f" ]
then
f="${2}"
shift
elif [ "${1}" = "-c" ]
then
pc="${2}"
bc="${3}"
shift 3
else
shift
fi fi
done done
# logics # resume
if [ "${t}" = "filter" ] || [ "${t}" = "security" ] echo ${errqueue} | ${SORTBINARY} -u | while read -r eq
then do
if [ "${c}" = "INPUT" ] set -- ${eq}
then while [ $# -gt 0 ]
if [ "${j}" = "ACCEPT" ] do
Display --indent 6 --text "Checking chain ${2} (table: ${1}, target: ${3})" --result "${3}" --color "${4}"
if [ "${3}" = "NFQUEUE" ]
then then
LogText "Result: Found ${j} for ${c} (table: ${t})" ReportSuggestion "${TEST_NO}" "Consider avoid ${3} target if possible (iptables chain ${2}, table: ${1})"
Display --indent 6 --text "- Checking chain ${c} (table: ${t}, chain ${c})" --result "${j}" --color YELLOW
AddHP 1 3
elif [ "${j}" = "DROP" ]
then
LogText "Result: Found ${j} for ${c} (table: ${t})"
Display --indent 6 --text "- Checking chain ${c} (table: ${t}, chain ${c})" --result "${j}" --color GREEN
AddHP 3 3
fi fi
elif [ "${c}" = "FORWARD" ] shift 4
then done
: done
elif [ "${c}" = "OUTPUT" ] }
then
:
fi
if [ "${c}" = "INPUT" ] || [ "${c}" = "FORWARD" ] || [ "${c}" = "OUTPUT" ]
then
if [ "${j}" = "NFQUEUE" ]
then
LogText "Result: Found ${j} for ${c} (table: ${t})"
Display --indent 6 --text "- Checking chain ${c} (table: ${t}, chain ${c})" --result "${j}" --color RED
ReportSuggestion "${TEST_NO}" "Consider avoid ${j} target if possible (iptables chain ${c}, table: ${t})"
AddHP 0 3
fi
fi
fi
done
done done
# resume
fi fi
# #
################################################################################# #################################################################################
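Review bot: In the new `# resume` block, `echo ${errqueue}` only yields one finding per line when the shell's `echo` expands the `\n` separators, which POSIX leaves implementation-defined (dash expands them, bash's builtin does not by default). Where they are not expanded the whole queue arrives as one line, the four-field records are mis-split so `Display` gets the wrong chain, target and colour, and `shift 4` can run with fewer than four words left, which depending on the shell either aborts or fails to shift, so `while [ $# -gt 0 ]` never terminates. I would emit the queue with `printf '%b\n' "${errqueue}" | ${SORTBINARY} -u | while read -r eq` and guard the inner loop with `[ $# -ge 4 ]`. Separately, the `AddHP` calls remain in the per-rule loop while the displayed results are now de-duplicated, so the hardening score and the reported findings can diverge, and the earlier `LogText` result lines are no longer written. The enclosing test, including the `if` closed by the final `fi`, starts outside this hunk.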