#!/bin/sh ################################################################################# # # Lynis # ------------------ # # Copyright 2007-2015, Michael Boelen (michael.boelen@cisofy.com) # Web site: https://cisofy.com # # Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are # welcome to redistribute it under the terms of the GNU General Public License. # See LICENSE file for usage of this software. # ################################################################################# # # Parameter checks # ################################################################################# # # Check number of parameters submitted (at least one is needed) PARAMCOUNT=$# while [ $# -ge 1 ]; do case $1 in # Helpers first audit) CHECK_BINARIES=0 RUN_HELPERS=1 HELPER="audit" RUN_PLUGINS=0 RUN_TESTS=0 if [ ! $2 = "" ]; then case $2 in "dockerfile") if [ "$3" = "" ]; then Display --text "${RED}Error: ${WHITE}Missing file name or URL${NORMAL}" Display --text "Example: lynis audit dockerfile /root/Dockerfile" ExitFatal else shift; shift HELPER_PARAMS="$1 $2 $3" HELPER="audit_dockerfile" break fi ;; "system") CHECK_BINARIES=1 HELPER="" RUN_PLUGINS=1 RUN_TESTS=1 shift #break ;; esac else Display --text "${RED}Error: ${WHITE}Need a target to audit${NORMAL}" Display --text " " Display --text "Examples:" Display --text "lynis audit dockerfile" Display --text "lynis audit system" ExitFatal fi #break ;; # Helpers first update) CHECK_BINARIES=0 RUN_HELPERS=1 HELPER="update" RUN_PLUGINS=0 RUN_TESTS=0 SHOW_PROGRAM_DETAILS=0 if [ ! $2 = "" ]; then shift HELPER_PARAMS="$1 $2" break else Display --text "${RED}Error: ${WHITE}Need a target for update${NORMAL}" Display --text " " Display --text "Examples:" Display --text "lynis update info" Display --text "lynis update release" ExitFatal fi ;; # Assign auditor to report --auditor) shift AUDITORNAME=$1 ;; # Perform tests -c | --check-all | --checkall) CHECK=1 ;; # Cronjob support --cronjob | --cron) CRONJOB=1; # Use some defaults (-c, -Q, no colors) CHECK=1; QUICKMODE=1; NEVERBREAK=1 # Get rid of the colors NORMAL=""; WARNING=""; SECTION=""; NOTICE=""; OK=""; BAD=""; CYAN=""; MAGENTA=""; PURPLE=""; YELLOW=""; WHITE=""; GREEN=""; RED="" ;; # Perform tests with additional debugging information on screen --debug) DEBUG=1 ;; --dump-options | --dumpoptions) OPTIONS="--auditor --check-all_(-c) --cronjob --debug --help --info --license-key --log-file --manpage --no-colors --no-log --pentest --profile --plugins-dir --quiet --quick --report-file --reverse-colors --tests --tests-category --upload --version --view-categories" for I in ${OPTIONS}; do echo "${I}" done ExitClean ;; # View help --help | -h) VIEWHELP=1 ;; # View program/database information --check-update | --check-updates | --info) echo "This option is deprecated" echo "Use: lynis update info" ExitClean ;; # License key for Lynis Enterprise --license-key) shift LICENSE_KEY=$1 ;; # Adjust default logfile location --logfile | --log-file) shift LOGFILE=$1 ;; # Don't use colors --no-colors | --nocolors) NORMAL=""; WARNING=""; SECTION=""; NOTICE=""; OK=""; BAD=""; CYAN=""; MAGENTA=""; PURPLE=""; YELLOW=""; WHITE=""; GREEN=""; RED="" ;; # Disable logging --no-log | --nolog) LOGFILE="/dev/null" ;; --pentest | --pen-test) PENTESTINGMODE=1 ;; # Define a custom profile file --profile) shift PROFILE=$1 ;; # Define a custom plugin directory --plugin-dir | --plugins-dir) shift PLUGINDIR=$1 LASTCHAR=`echo $1 | awk '{ print substr($0, length($0))}'` if [ "${LASTCHAR}" = "/" ]; then echo "${RED}Error:${WHITE} plugin directory path should not end with a slash${NORMAL}" ExitCustom 65 fi if [ ! -d ${PLUGINDIR} ]; then echo "${RED}Error:${WHITE} invalid plugin directory ${PLUGINDIR}${NORMAL}" ExitCustom 66 fi ;; # Quiet mode -q | --quiet) QUIET=1 # Run non-interactive QUICKMODE=1 ;; # Non-interactive mode -Q | --quick) QUICKMODE=1 ;; --report-file) shift REPORTFILE=$1 ;; # Strip the colors which aren't clearly visible on light backgrounds --reverse-colors) #NORMAL=""; SECTION="${NORMAL}"; NOTICE="${NORMAL}"; #OK=""; #BAD=""; CYAN="${NORMAL}"; GREEN="${NORMAL}"; YELLOW="${NORMAL}"; WHITE="${NORMAL}"; PURPLE="${NORMAL}"; #GREEN=""; #RED="" ;; # Only scan these tests --tests) shift TESTS_TO_PERFORM=$1 ;; # Scan one or more categories only --tests-category) shift TESTS_CATEGORY_TO_PERFORM=$1 ;; # Lynis Enterprise: upload data to central node --upload) UPLOAD_DATA=1 ;; # Version number -V | --version) echo "${PROGRAM_version}" exit 0 ;; --view-categories | --list-categories | --show-categories) ViewCategories exit 0 ;; # View man page --view-manpage | --man | --manpage) if [ -f lynis.8 ]; then nroff -man lynis.8 exit 0 else echo "Error: man page file not found (lynis.8)" echo "If you are running an installed version of Lynis, use 'man lynis'" exit 1 fi ;; # Drop out when using wrong option(s) *) # Wrong option used, we bail out later WRONGOPTION=1 WRONGOPTION_value=$1 ;; esac shift done #================================================================================ # Lynis - Copyright 2007-2015, Michael Boelen, CISOfy - https://cisofy.com