#!/bin/sh ################################################################################# # # Lynis # ------------------ # # Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands # Web site: http://www.rootkit.nl # # Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are # welcome to redistribute it under the terms of the GNU General Public License. # See LICENSE file for usage of this software. # ################################################################################# # # Banners and identification # ################################################################################# # InsertSection "Banners and identification" # Display --indent 2 --text "- Checking banners..." # ################################################################################# # BANNER_FILES="/etc/issue /etc/issue.net /etc/motd" LEGAL_BANNER_STRINGS="access authorized legal monitor owner policy policies private prohibited restricted this unauthorized" # ################################################################################# # # Test : BANN-7113 # Description : Check FreeBSD COPYRIGHT banner file Register --test-no BANN-7113 --os FreeBSD --weight L --network NO --description "Check COPYRIGHT banner file" if [ ${SKIPTEST} -eq 0 ]; then logtext "Test: Testing existence /COPYRIGHT or /etc/COPYRIGHT" if [ -f /COPYRIGHT ]; then Display --indent 2 --text "- /COPYRIGHT" --result FOUND --color GREEN if [ -s /COPYRIGHT ]; then logtext "Result: /COPYRIGHT available and contains text" else logtext "Result: /COPYRIGHT available, but empty" fi else Display --indent 2 --text "- /COPYRIGHT" --result "NOT FOUND" --color WHITE logtext "Result: /COPYRIGHT not found" fi if [ -f /etc/COPYRIGHT ]; then Display --indent 2 --text "- /etc/COPYRIGHT" --result FOUND --color GREEN if [ -s /etc/COPYRIGHT ]; then logtext "Result: /etc/COPYRIGHT available and contains text" else logtext "Result: /etc/COPYRIGHT available, but empty" fi else Display --indent 2 --text "- /etc/COPYRIGHT" --result "NOT FOUND" --color WHITE logtext "Result: /etc/COPYRIGHT not found" fi fi # ################################################################################# # # Test : BANN-7119 # Description : Check MOTD banner file Register --test-no BANN-7119 --weight L --network NO --description "Check MOTD banner file" if [ ${SKIPTEST} -eq 0 ]; then logtext "Test: Testing existence /etc/motd" if [ -f /etc/motd ]; then logtext "Result: file /etc/motd exists" Display --indent 2 --text "- /etc/motd..." --result FOUND --color GREEN if [ ! -L /etc/motd ]; then IsWorldWritable /etc/motd if [ "${FileIsWorldWritable}" = "TRUE" ]; then Display --indent 4 --text "- /etc/motd permissions..." --result WARNING --color RED logtext "Result: /etc/motd is world writable. Users can change this file!" ReportWarning ${TEST_NO} "H" "/etc/motd is world writable" else Display --indent 4 --text "- /etc/motd permissions..." --result OK --color GREEN logtext "Result: /etc/motd is not world writable." fi else logtext "Result: file /etc/motd is symlink" fi else logtext "Result: File /etc/motd not found" Display --indent 2 --text "- /etc/motd..." --result "NOT FOUND" --color WHITE fi fi # ################################################################################# # # Test : BANN-7122 # Description : Check motd file to see if it contains some form of message # to discourage unauthorized users to leave the system alone if [ -f /etc/motd -a ! -L /etc/motd ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no BANN-7122 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check /etc/motd banner file contents" if [ ${SKIPTEST} -eq 0 ]; then N=0 logtext "Test: Checking file /etc/motd contents for legal key words" for I in ${LEGAL_BANNER_STRINGS}; do FIND=`grep -i "${I}" /etc/motd` if [ ! "${FIND}" = "" ]; then logtext "Result: found string '${I}'" N=`expr ${N} + 1` fi done # Check if we have 5 or more key words if [ ${N} -gt 4 ]; then logtext "Result: Found ${N} key words, to warn unauthorized users" Display --indent 4 --text "- /etc/motd contents..." --result OK --color GREEN AddHP 2 2 else logtext "Result: Found only ${N} key words, to warn unauthorized users and could be increased" Display --indent 4 --text "- /etc/motd contents..." --result WEAK --color YELLOW ReportSuggestion ${TEST_NO} "Add legal banner to /etc/motd, to warn unauthorized users" AddHP 0 1 fi fi # ################################################################################# # # Test : BANN-7124 # Description : Check issue banner file Register --test-no BANN-7124 --weight L --network NO --description "Check issue banner file" if [ ${SKIPTEST} -eq 0 ]; then logtext "Test: Checking file /etc/issue" if [ -f /etc/issue ]; then # Check for symlink if [ -L /etc/issue ]; then logtext "Result: file /etc/issue exists (symlink)" Display --indent 2 --text "- /etc/issue..." --result SYMLINK --color GREEN else Display --indent 2 --text "- /etc/issue..." --result FOUND --color GREEN fi else logtext "Result: file /etc/issue does not exist" Display --indent 2 --text "- /etc/issue..." --result "NOT FOUND" --color WHITE fi fi # ################################################################################# # # Test : BANN-7126 # Description : Check issue file to see if it contains some form of message # to discourage unauthorized users to leave the system alone if [ -f /etc/issue ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no BANN-7126 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check issue banner file contents" if [ ${SKIPTEST} -eq 0 ]; then N=0 logtext "Test: Checking file /etc/issue contents for legal key words" for I in ${LEGAL_BANNER_STRINGS}; do FIND=`grep -i "${I}" /etc/issue` if [ ! "${FIND}" = "" ]; then logtext "Result: found string '${I}'" N=`expr ${N} + 1` fi done # Check if we have 5 or more key words if [ ${N} -gt 4 ]; then logtext "Result: Found ${N} key words (5 or more suggested), to warn unauthorized users" Display --indent 4 --text "- /etc/issue contents..." --result OK --color GREEN AddHP 2 2 else logtext "Result: Found only ${N} key words (5 or more suggested), to warn unauthorized users and could be increased" Display --indent 4 --text "- /etc/issue contents..." --result WEAK --color YELLOW ReportSuggestion ${TEST_NO} "Add a legal banner to /etc/issue, to warn unauthorized users" AddHP 0 1 fi fi # ################################################################################# # # Test : BANN-7128 # Description : Check issue.net banner file Register --test-no BANN-7128 --weight L --network NO --description "Check issue.net banner file" if [ ${SKIPTEST} -eq 0 ]; then logtext "Test: Checking file /etc/issue.net" if [ -f /etc/issue.net ]; then # Check for symlink if [ -L /etc/issue.net ]; then logtext "Result: file /etc/issue.net exists (symlink)" Display --indent 2 --text "- /etc/issue.net..." --result SYMLINK --color GREEN else logtext "Result: file /etc/issue.net exists" Display --indent 2 --text "- /etc/issue.net..." --result FOUND --color GREEN fi else logtext "Result: file /etc/issue.net does not exist" Display --indent 2 --text "- /etc/issue.net..." --result "NOT FOUND" --color WHITE fi fi # ################################################################################# # # Test : BANN-7130 # Description : Check issue.net file to see if it contains some form of message # to discourage unauthorized users to leave the system alone if [ -f /etc/issue.net ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no BANN-7130 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check issue.net banner file contents" if [ ${SKIPTEST} -eq 0 ]; then N=0 logtext "Test: Checking file /etc/issue.net contents for legal key words" for I in ${LEGAL_BANNER_STRINGS}; do FIND=`grep -i "${I}" /etc/issue.net` if [ ! "${FIND}" = "" ]; then logtext "Result: found string '${I}'" N=`expr ${N} + 1` fi done # Check if we have 5 or more key words if [ ${N} -gt 4 ]; then logtext "Result: Found ${N} key words, to warn unauthorized users" Display --indent 4 --text "- /etc/issue.net contents..." --result OK --color GREEN AddHP 2 2 else logtext "Result: Found only ${N} key words, to warn unauthorized users and could be increased" Display --indent 4 --text "- /etc/issue.net contents..." --result WEAK --color YELLOW ReportSuggestion ${TEST_NO} "Add legal banner to /etc/issue.net, to warn unauthorized users" AddHP 0 1 fi fi # ################################################################################# # # /etc/dt/config/*/Xresources # /etc/default/telnetd (telnet without TCP wrappers) # /etc/default/ftpd (ftp without TCP wrappers) # /etc/ftpd/banner.msg (ftp without TCP wrappers on Solaris) # /etc/ftpaccess (HP-UX) # /etc/ftpmotd (AIX) # /etc/ftpaccess.ctl (AIX) # /etc/security/login.cfg (AIX) # /etc/X11/xdm/Xresources # /etc/X11/xdm/kdmrc # /etc/X11/gdm/gdm # /etc/vsftpd.conf # ################################################################################# # wait_for_keypress # ################################################################################# # # Notes: # HPUX: /etc/copyright # #================================================================================ # Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands