* Description fix: SafePerms works on files not dirs.
All uses of SafePerms are on files (and indeed, it would reject
directories which would have +x set).
* Lots of whitespace cleanups.
Enforce everywhere(?) the same indentations for if/fi blocks.
The standard for the Lynis codebase is 4 spaces. But sometimes
it's 1, sometimes 3, sometimes 8.
These patches standardize all(?) if blocks but _not_ else's (which
are usually indented 2, but sometimes zero); I was too lazy to
identify those (see below).
This diff is giant, but should not change code behavior at all;
diff -w shows no changes apart from whitespace.
FWIW I identified instances to check by using:
perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces=""; } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1)
Which produced output like:
./extras/build-lynis.sh:217: if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then
./extras/build-lynis.sh:218: echo "[X] Version in specfile is outdated"
./plugins/plugin_pam_phase1:69: if [ -d ${PAM_DIRECTORY} ]; then
./plugins/plugin_pam_phase1:70: LogText "Result: /etc/pam.d exists"
...There are probably formal shellscript-beautification tools that
I'm oblivious about.
* More whitespace standardization.
* Fix a syntax error.
This looks like an if [ foo -o bar ]; was converted to if .. elif,
but incompletely.
* Add whitespace before closing ].
Without it, the shell thinks the ] is part of the last string, and
emits warnings like:
.../lynis/include/tests_authentication: line 1028: [: missing `]'
* Typo fix.
* Style change: always use $(), never ``.
The Lynis code already mostly used $(), but backticks were sprinkled
around. Converted all of them.
* Lots of minor spelling/typo fixes.
FWIW these were found with:
find . -type f -print0 | xargs -0 cat | aspell list | sort -u | egrep '^[a-z]+$' | less
And then reviewing the list to pick out things that looked like
misspelled words as opposed to variables, etc., and then manual
inspection of context to determine the intention.
* Update facter location for BSDs
BSDs tend to place third party binaries in /usr/local rather than /usr
* Add support for DragonFly boot loader detection
DragonFly BSD has the same file paths for the bootloader as FreeBSD
* Add kernel module checking for DragonFly
DragonFly BSD checks kernel modules the same way as FreeBSD
* Add DragonFly check for login shells
DragonFly's login files are the same as FreeBSD's
* Add HAMMER PFS Detection
All PFS mounts in HAMMER systems for DragonFly will be detected now
* Default all macOS `OS` names as macOS. Added comments to specify `uname` outputs for better understanding.
* Refactored all `Mac` instances referring to macOS over to `macOS` formatting.
Tested on my own machine, unable to find any errors outside of normal parameters.
Test will display result in red if no boot loader password is set and if
server or workstation role was set. Cosmetic change for log text: one
instead of two log texts.
Test displays result in yellow if using personal machine role, as a
suggestion for typical users.
With this patch, a run on my machine returns:
[+] Initializing program
------------------------------------
- Detecting OS... [ DONE ]
---------------------------------------------------
Program version: 2.1.1
Operating system: FreeBSD
Operating system name: FreeBSD
...
[+] Boot and services
------------------------------------
- Service Manager [ bsdrc ]
On all supported FreeBSD releases, the service(8) program can be used to
discover which services are running. This program has been added to the test
for binaries. If available, it will be used to test for services. If not, the
original code that parses /etc/rc.conf is used.
On my system, the following information is produced in the logfile:
[19:51:22] Performing test ID BOOT-5165 (Check for FreeBSD boot services)
[19:51:22] Searching for services at startup (service)
[19:51:23] Found service (service/rc.conf): bgfsck
[19:51:23] Found service (service/rc.conf): cleanvar
[19:51:23] Found service (service/rc.conf): cron
[19:51:23] Found service (service/rc.conf): cupsd
[19:51:23] Found service (service/rc.conf): dbus
[19:51:23] Found service (service/rc.conf): devd
[19:51:23] Found service (service/rc.conf): dmesg
[19:51:23] Found service (service/rc.conf): dnsmasq
[19:51:23] Found service (service/rc.conf): gptboot
[19:51:23] Found service (service/rc.conf): hostid
[19:51:23] Found service (service/rc.conf): hostid_save
[19:51:23] Found service (service/rc.conf): ip6addrctl
[19:51:23] Found service (service/rc.conf): ipfw
[19:51:23] Found service (service/rc.conf): mixer
[19:51:23] Found service (service/rc.conf): motd
[19:51:23] Found service (service/rc.conf): newsyslog
[19:51:23] Found service (service/rc.conf): nginx
[19:51:23] Found service (service/rc.conf): openntpd
[19:51:23] Found service (service/rc.conf): postfix
[19:51:23] Found service (service/rc.conf): powerd
[19:51:23] Found service (service/rc.conf): sendmail
[19:51:23] Found service (service/rc.conf): smartd
[19:51:23] Found service (service/rc.conf): syslogd
[19:51:23] Found service (service/rc.conf): virecover
[19:51:23] Found 24 services/options to run at startup
The report shows:
[+] Boot and services
------------------------------------
- Service Manager [ UNKNOWN ]
- Checking presence FreeBSD loader [ FOUND ]
- Checking services at startup (service/rc.conf) [ DONE ]
Result: found 24 services/options set
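
The service(8)-first, rc.conf-fallback discovery described above, sketched as an added example that is not Lynis's own code. `list_boot_services` and its arguments are hypothetical, and the use of `service -e` (FreeBSD's flag for listing enabled services) is an assumption, since the page does not say which invocation Lynis uses.

```shell
#!/bin/sh
# Added example, not Lynis code. list_boot_services is a hypothetical helper.
#   $1  path to the service(8) binary; empty or non-executable forces the fallback
#   $2  rc.conf-style file to parse in the fallback (default: /etc/rc.conf)
# Usage on a FreeBSD host: list_boot_services "$(command -v service)" /etc/rc.conf
list_boot_services() {
    service_bin="$1"
    rc_conf="${2:-/etc/rc.conf}"

    if [ -n "${service_bin}" ] && [ -x "${service_bin}" ]; then
        # Assumption: "service -e" prints one rc script path per enabled
        # service, e.g. /etc/rc.d/cron; report only the script name.
        "${service_bin}" -e | while IFS= read -r path; do
            if [ -n "${path}" ]; then
                printf '%s\n' "${path##*/}"
            fi
        done | sort -u
        return 0
    fi

    # Fallback: read the file itself. Commented-out lines never match because
    # '#' is not allowed in the variable-name part of the pattern.
    [ -r "${rc_conf}" ] || return 1
    sed -n "s/^[[:space:]]*\([A-Za-z0-9_]*\)_enable=[\"']\{0,1\}\([A-Za-z0-9]*\).*\$/\1 \2/p" "${rc_conf}" |
    while read -r name value; do
        # Same truthy values that rc.subr's checkyesno accepts.
        case "${value}" in
            [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) printf '%s\n' "${name}" ;;
        esac
    done | sort -u
}
```

The fallback only sees variables set in the one file it is given, so it can report fewer services than service(8), which also reflects defaults set elsewhere.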