tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[LOGG-2154] support new-style rsyslog configuration for remote targets

This commit is contained in:
Michael Boelen 2019-09-10 14:52:20 +02:00
parent b30df4261d
commit fbcfab1adc
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
1 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
include/tests_logging
View File

@ -368,9 +368,7 @@
F=$(echo ${F} | ${SEDBINARY} 's/:space:/ /g') F=$(echo ${F} | ${SEDBINARY} 's/:space:/ /g')
LogText "Test: analyzing file ${F} for remote target" LogText "Test: analyzing file ${F} for remote target"
DATA=$(${EGREPBINARY} "@@?([a-zA-Z0-9\-])+(\.)?(([a-zA-Z0-9-])+)?(\.)?(([a-zA-Z0-9-])+)?(\.)?(([a-zA-Z0-9-])+)?(\.)?(([a-zA-Z0-9-])+)?" ${F} | ${GREPBINARY} -v "#" | ${TRBINARY} -cd "[:print:]\n" | ${SEDBINARY} 's/[[:blank:]]\{1,\}/:space:/g') DATA=$(${EGREPBINARY} "@@?([a-zA-Z0-9\-])+(\.)?(([a-zA-Z0-9-])+)?(\.)?(([a-zA-Z0-9-])+)?(\.)?(([a-zA-Z0-9-])+)?(\.)?(([a-zA-Z0-9-])+)?" ${F} | ${GREPBINARY} -v "#" | ${TRBINARY} -cd "[:print:]\n" | ${SEDBINARY} 's/[[:blank:]]\{1,\}/:space:/g')
if [ -z "${DATA}" ]; then if [ -n "${DATA}" ]; then
LogText "Result: no remote target found"
else
LogText "Result: found remote target" LogText "Result: found remote target"
REMOTE_LOGGING_ENABLED=1 REMOTE_LOGGING_ENABLED=1
for D in ${DATA}; do for D in ${DATA}; do
@ -379,6 +377,15 @@
LogText "Data: ${D}" LogText "Data: ${D}"
fi fi
done done
else
# Check new style configuration (omrelp/omfwd). This can be all on one line or even split over multiple lines.
DATA=$(${EGREPBINARY} "target=\"([a-zA-Z0-9\-])" ${F})
if [ -n "${DATA}" ]; then
LogText "Result: most likely remote log host is used, as keyword 'target' is used"
REMOTE_LOGGING_ENABLED=1
else
LogText "Result: no remote target found"
fi
fi fi
done done
fi fi
@ -412,11 +419,13 @@
# Show result # Show result
if [ ${REMOTE_LOGGING_ENABLED} -eq 0 ]; then if [ ${REMOTE_LOGGING_ENABLED} -eq 0 ]; then
Report "remote_syslog_configured=0"
LogText "Result: no remote logging found" LogText "Result: no remote logging found"
ReportSuggestion ${TEST_NO} "Enable logging to an external logging host for archiving purposes and additional protection" ReportSuggestion ${TEST_NO} "Enable logging to an external logging host for archiving purposes and additional protection"
AddHP 1 3 AddHP 1 3
Display --indent 2 --text "- Checking remote logging" --result "NOT ENABLED" --color YELLOW Display --indent 2 --text "- Checking remote logging" --result "NOT ENABLED" --color YELLOW
else else
Report "remote_syslog_configured=1"
AddHP 5 5 AddHP 5 5
Display --indent 2 --text "- Checking remote logging" --result "${STATUS_ENABLED}" --color GREEN Display --indent 2 --text "- Checking remote logging" --result "${STATUS_ENABLED}" --color GREEN
fi fi