Commit Graph

73 Commits

Author SHA1 Message Date
hlein e054e9757c Lots of cleanups (#366)
* Description fix: SafePerms works on files not dirs.

All uses of SafePerms are on files (and indeed, it would reject
directories which would have +x set).

* Lots of whitespace cleanups.

Enforce everywhere(?) the same indentations for if/fi blocks.
The standard for the Lynis codebase is 4 spaces.  But sometimes
it's 1, sometimes 3, sometimes 8.

These patches standardize all(?) if blocks but _not_ else's (which
are usually indented 2, but sometimes zero); I was too lazy to
identify those (see below).

This diff is giant, but should not change code behavior at all;
diff -w shows no changes apart from whitespace.

FWIW I identified instances to check by using:

  perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces="";  } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1)

Which produced output like:

  ./extras/build-lynis.sh:217:            if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then
  ./extras/build-lynis.sh:218:               echo "[X] Version in specfile is outdated"

  ./plugins/plugin_pam_phase1:69:        if [ -d ${PAM_DIRECTORY} ]; then
  ./plugins/plugin_pam_phase1:70:                LogText "Result: /etc/pam.d exists"

...There's probably formal shellscript-beautification tools that
I'm oblivious about.

* More whitespace standardization.

* Fix a syntax error.

This looks like an if [ foo -o bar ]; was converted to if .. elif,
but incompletely.

* Add whitespace before closing ].

Without it, the shell thinks the ] is part of the last string, and
emits warnings like:

  .../lynis/include/tests_authentication: line 1028: [: missing `]'
2017-03-07 19:23:08 +00:00
hlein b595cc0fb5 Various cleanups (#363)
* Typo fix.

* Style change: always use $(), never ``.

The Lynis code already mostly used $(), but backticks were sprinkled
around.  Converted all of them.

* Lots of minor spelling/typo fixes.

FWIW these were found with:

  find . -type f -print0 | xargs -0 cat | aspell list | sort -u | egrep '^[a-z]+$' | less

And then reviewing the list to pick out things that looked like
misspelled words as opposed to variables, etc., and then manual
inspection of context to determine the intention.
2017-03-06 07:41:21 +00:00
Michael Boelen 89c3e449ad [BOOT-5104] added initsplash and code enhancements 2017-03-05 13:13:20 +01:00
Michael Boelen f7478bc9e0 Unique sort of systemctl unit files 2017-02-14 20:15:00 +01:00
Michael Boelen 34ba1ba184 Changed date and preparing for release 2017-02-09 13:35:40 +01:00
Zach Crownover 659d3e42c5 Improve DragonFly support (#329)
* Update facter location for BSDs

BSDs tend to place third party binaries in /usr/local rather than /usr

* Add support for DragonFly boot loader detection

DragonFly BSD has the same file paths for the bootloader as FreeBSD

* Add kernel module checking for DragonFly

DragonFly BSD checks kernel modules the same way as FreeBSD

* Add DragonFly check for login shells

DragonFly's login files are the same as FreeBSD's

* Add HAMMER PFS Detection

All PFS mounts in HAMMER systems for DragonFly will be detected now
2016-11-19 12:39:57 +00:00
Justin P 50b06efd30 macOS Refactoring (#311)
* Default all macOS `OS` names as macOS. Added comments to specify `uname` outputs for better understanding.

* Refactored all `Mac` instances referring to macOS over to `macOS` formatting.

Tested on my own machine, unable to find any errors outside of normal parameters.
2016-11-05 11:53:22 +01:00
Michael Boelen db7bff9cb2 Missing fi in BOOT-5139 2016-10-26 13:31:59 +02:00
Michael Boelen 9203b01f88 [BOOT-5139] support for roles 2016-10-26 12:34:56 +02:00
marcus-cr b95e44a526 Changed LILO testing depending on server/workstation or personal roles (#302)
Test will display result in red if no boot loader password set and if
server or workstation role was set. Cosmetic change for log text, one
instead of two log texts.

Test displays result in yellow if using personal machine role as
suggestion for typical users.
2016-10-26 12:30:31 +02:00
Michael Boelen a60d4b973a Disabled exception for boot loader 2016-10-19 10:07:11 +02:00
Michael Boelen 7b8c04c3b1 [BOOT-5202] use generic variables between OSes 2016-10-17 17:24:34 +02:00
Michael Boelen 61fb197638 [BOOT-5202] changes to uptime measurement for macOS and others 2016-10-17 17:18:10 +02:00
Michael Boelen 82ededed31 Style improvements and command replacements 2016-09-08 21:04:17 +02:00
Michael Boelen 679e8c628e Use detected binaries 2016-08-25 15:31:33 +02:00
Michael Boelen 7744aa87ad [BOOT-5108] Support for Syslinux bootloader 2016-08-18 15:31:51 +02:00
Michael Boelen f9b2993f35 Removed unneeded field 2016-08-10 07:24:10 +02:00
Michael Boelen 1715a1e2b5 Removed unneeded field for warnings and suggestions 2016-08-10 07:12:29 +02:00
Michael Boelen 2f4c854ba7 Rename of categories, introduction of groups 2016-07-24 17:22:00 +02:00
Michael Boelen 576e11b995 [BOOT-5122] Extended password check 2016-07-11 11:24:52 +02:00
ratrop cd2429688b Update tests_boot_services (#201)
Added detection of password for Grub2 in Ubuntu 14.04 LTS. Previous version doesn't detect it.
2016-07-11 11:20:05 +02:00
Michael Boelen 983e293eb1 Replaced text strings to allow translations 2016-06-18 11:14:01 +02:00
Michael Boelen eded02cfde Rewritten counters and dealing with values 2016-05-03 14:57:53 +02:00
mboelen a765163a25 Minor changes to identation and variable names 2016-05-02 13:26:27 +02:00
StrangeBubble 81a4821636 Check if file is symlink or not (#184) 2016-05-02 13:23:43 +02:00
mboelen 42607ceaf5 Replaced old function names with new ones 2016-04-28 12:31:57 +02:00
mboelen ea9c40a36c Changed text to avoid showing up as a suggestion 2016-04-25 20:48:21 +02:00
mboelen 166c35bc69 Change color when UEFI is disabled 2016-04-19 17:45:46 +02:00
mboelen e949e560d7 Improve systemd detection on Fedora 2016-03-17 20:57:31 +01:00
mboelen a427eb6fa7 Rewrote test to determine system manager 2016-03-17 20:32:21 +01:00
mboelen a33b3c828f Check system manager and allow init as option in /proc/1/cmdline 2016-03-17 16:40:53 +01:00
mboelen 237c0f87a7 BOOT-5104: Rewrote test to detect service manager 2016-03-16 12:10:10 +01:00
mboelen 8cc47819b4 Removed copyright line, added description 2016-03-13 16:03:46 +01:00
mboelen 6197ac08e7 Added link to website, blog, github 2016-03-13 16:00:39 +01:00
mboelen d16b38eff8 Rename of logtext and report functions, upcoming year change 2015-12-21 21:17:15 +01:00
mboelen 2be968eb2c Add new test BOOT-5106 to check for boot.efi on Mac OS X 2015-12-08 18:41:43 +01:00
SiemKorteweg 0c48fc3880 Optimized use of cat, grep and awk.
Detection of duplicate entries in /etc/hosts is now more robust.
On CentOS7 the SERVICE_MANAGER is detected correctly.
2015-10-10 13:25:14 +02:00
mboelen cc4feee4e5 New way of reporting a warning 2015-09-24 21:41:48 +02:00
Roland Smith f11783dbdf Merge branch 'master' into freebsd-services 2015-09-16 20:29:51 +02:00
mboelen 1316fdf38b Changed identation for GRUB2 test 2015-09-07 21:13:12 +02:00
mboelen d23ef2db0b Changed screen identation of GRUB2 test 2015-09-07 17:42:29 +02:00
mboelen 1283ccc061 Added new test for UEFI detection [BOOT-5116] and storing data in report 2015-09-07 17:41:05 +02:00
mboelen 649f0cfb3c Improved BOOT-5180 detection for newer systems like Debian 8 and screen output enhancement 2015-08-20 18:37:03 +02:00
mboelen 66fb369593 Copyright line changes and cleanups 2015-07-22 16:28:11 +02:00
Roland Smith 1bb5b4b0a6 FreeBSD uses the bsdrc service manager.
With this patch, a run on my machine returns:

    [+] Initializing program
    ------------------------------------
    - Detecting OS...  [ DONE ]

    ---------------------------------------------------
    Program version:           2.1.1
    Operating system:          FreeBSD
    Operating system name:     FreeBSD
    ...

    [+] Boot and services
    ------------------------------------
    - Service Manager [ bsdrc ]
2015-04-27 20:09:18 +02:00
Roland Smith db828b5e03 Used service(8) to discover running services.
On all supported FreeBSD releases, the service(8) program can be used to
discover which services are running. This program has been added to the test
for binaries. If available, it will be used to test for services. If not, the
original code that parses /etc/rc.conf is used.

On my system, the following information is produced in the logfile:

    [19:51:22] Performing test ID BOOT-5165 (Check for FreeBSD boot services)
    [19:51:22] Searching for services at startup (service)
    [19:51:23] Found service (service/rc.conf): bgfsck
    [19:51:23] Found service (service/rc.conf): cleanvar
    [19:51:23] Found service (service/rc.conf): cron
    [19:51:23] Found service (service/rc.conf): cupsd
    [19:51:23] Found service (service/rc.conf): dbus
    [19:51:23] Found service (service/rc.conf): devd
    [19:51:23] Found service (service/rc.conf): dmesg
    [19:51:23] Found service (service/rc.conf): dnsmasq
    [19:51:23] Found service (service/rc.conf): gptboot
    [19:51:23] Found service (service/rc.conf): hostid
    [19:51:23] Found service (service/rc.conf): hostid_save
    [19:51:23] Found service (service/rc.conf): ip6addrctl
    [19:51:23] Found service (service/rc.conf): ipfw
    [19:51:23] Found service (service/rc.conf): mixer
    [19:51:23] Found service (service/rc.conf): motd
    [19:51:23] Found service (service/rc.conf): newsyslog
    [19:51:23] Found service (service/rc.conf): nginx
    [19:51:23] Found service (service/rc.conf): openntpd
    [19:51:23] Found service (service/rc.conf): postfix
    [19:51:23] Found service (service/rc.conf): powerd
    [19:51:23] Found service (service/rc.conf): sendmail
    [19:51:23] Found service (service/rc.conf): smartd
    [19:51:23] Found service (service/rc.conf): syslogd
    [19:51:23] Found service (service/rc.conf): virecover
    [19:51:23] Found 24 services/options to run at startup

The report shows:

    [+] Boot and services
    ------------------------------------
    - Service Manager [ UNKNOWN ]
    - Checking presence FreeBSD loader [ FOUND ]
    - Checking services at startup (service/rc.conf) [ DONE ]
    Result: found 24 services/options set
2015-04-27 19:58:07 +02:00
Aneesh Agrawal d282fbfc9c Update check for sulogin under systemd.
The default rescue.service unit file was updated
in the systemd repo on Jan 23, 2015
to allow for sulogin location variability.
2015-04-27 03:13:42 -04:00
mboelen 30bc903c5a Using return codes for file permission checks 2015-03-25 17:30:13 +01:00
mboelen 3ae5c61839 Support openSUSE location of sulogin binary 2015-02-13 15:09:37 +01:00
mboelen 5caf4ddc4f Update of the files to reflect HTTPS version of website and 2015. Happy New Year! 2015-01-03 12:45:22 +01:00