#!/bin/sh ################################################################################# # # Lynis # ------------------ # # Copyright 2007-2013, Michael Boelen # Copyright 2013-2016, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com # GitHub : https://github.com/CISOfy/lynis # # Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are # welcome to redistribute it under the terms of the GNU General Public License. # See LICENSE file for usage of this software. # ################################################################################# # # E-mail and messaging # ################################################################################# # InsertSection "Software: e-mail and messaging" # ################################################################################# # DOVECOT_RUNNING=0 EXIM_RUNNING=0 SMTP_DAEMON="" POSTFIX_RUNNING=0 QMAIL_RUNNING=0 SENDMAIL_RUNNING=0 OPENSMTPD_RUNNING=0 # ################################################################################# # # Test : MAIL-8802 # Description : Check Exim process status Register --test-no MAIL-8802 --weight L --network NO --description "Check Exim status" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: check Exim status" IsRunning exim if [ ${RUNNING} -eq 1 ]; then LogText "Result: found running Exim process" Display --indent 2 --text "- Checking Exim status" --result RUNNING --color GREEN EXIM_RUNNING=1 SMTP_DAEMON="exim" else LogText "Result: no running Exim processes found" Display --indent 2 --text "- Checking Exim status" --result "NOT FOUND" --color WHITE fi fi # ################################################################################# # # Test : MAIL-8814 # Description : Check Postfix process # Notes : qmgr and pickup run under postfix uid, without full path to binary Register --test-no MAIL-8814 --weight L --network NO --description "Check postfix process status" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: check Postfix status" # Some other processes also use master, therefore it should include both master and postfix FIND1=`${PSBINARY} ax | grep "master" | grep "postfix" | grep -v "grep"` #FIND2=`${PSBINARY} ax | grep "qmgr" | grep "postfix" | grep -v "grep"` #FIND3=`${PSBINARY} ax | grep "pickup" | grep "postfix" | grep -v "grep"` if [ ! "${FIND1}" = "" ]; then LogText "Result: found running Postfix process" Display --indent 2 --text "- Checking Postfix status" --result RUNNING --color GREEN POSTFIX_RUNNING=1 SMTP_DAEMON="postfix" else LogText "Result: no running Postfix processes found" Display --indent 2 --text "- Checking Postfix status" --result "NOT FOUND" --color WHITE fi fi # ################################################################################# # # Test : MAIL-8816 # Description : Check Postfix configuration if [ ${POSTFIX_RUNNING} -eq 1 -a ! "${POSTFIXBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no MAIL-8816 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Postfix configuration" if [ ${SKIPTEST} -eq 0 ]; then Display --indent 2 --text "- Checking Postfix configuration" --result FOUND --color GREEN POSTFIX_CONFIGDIR=`${POSTCONFBINARY} 2> /dev/null | grep '^config_directory' | awk '{ print $3 }'` POSTFIX_CONFIGFILE="${POSTFIX_CONFIGDIR}/main.cf" LogText "Postfix configuration directory: ${POSTFIX_CONFIGDIR}" LogText "Postfix configuration file: ${POSTFIX_CONFIGFILE}" fi # ################################################################################# # # Test : MAIL-8818 # Description : Check Postfix configuration if [ ${POSTFIX_RUNNING} -eq 1 -a ! "${POSTFIXBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no MAIL-8818 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Postfix configuration: banner" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking Postfix banner" FIND1=`${POSTCONFBINARY} 2> /dev/null | grep '^smtpd_banner' | grep 'postfix'` FIND2=`${POSTCONFBINARY} 2> /dev/null | grep '^smtpd_banner' | grep '$mail_name'` FIND3=`${POSTCONFBINARY} 2> /dev/null | grep '^mail_name' | grep -i 'postfix'` #YYY Check if OS name shows up in banner #FIND4=`${POSTCONFBINARY} 2> /dev/null | grep '^smtpd_banner' | egrep "${OS}|${LINUX_VERSION}` SHOWWARNING=0 if [ ! "${FIND1}" = "" ]; then SHOWWARNING=1 else if [ ! "${FIND2}" = "" -a ! "${FIND3}" = "" ]; then SHOWWARNING=1 else Display --indent 4 --text "- Checking Postfix banner" --result OK --color GREEN fi fi if [ ${SHOWWARNING} -eq 1 ]; then Display --indent 4 --text "- Checking Postfix banner" --result WARNING --color RED LogText "Result: found mail_name in SMTP banner, and/or mail_name contains 'Postfix'." ReportWarning ${TEST_NO} "L" "Found mail_name in SMTP banner, and/or mail_name contains 'Postfix'" ReportSuggestion ${TEST_NO} "You are advised to hide the mail_name (option: smtpd_banner) from your postfix configuration. Use postconf -e or change your main.cf file (${POSTFIX_CONFIGFILE})" fi fi # ################################################################################# # # Test : MAIL-8838 # Description : Check Dovecot process Register --test-no MAIL-8838 --weight L --network NO --description "Check dovecot process" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: check dovecot status" IsRunning dovecot if [ ${RUNNING} -eq 1 ]; then LogText "Result: found running dovecot process" Display --indent 2 --text "- Checking Dovecot status" --result RUNNING --color GREEN DOVECOT_RUNNING=1 IMAP_DAEMON="dovecot" POP3_DAEMON="dovecot" else LogText "Result: dovecot not found" Display --indent 2 --text "- Checking Dovecot status" --result "NOT FOUND" --color WHITE fi fi # ################################################################################# # # Test : MAIL-8860 # Description : Check Qmail process status Register --test-no MAIL-8860 --weight L --network NO --description "Check Qmail status" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: check Qmail status" IsRunning qmail-smtpd if [ ${RUNNING} -eq 1 ]; then LogText "Result: found running Qmail process" Display --indent 2 --text "- Checking Qmail status" --result RUNNING --color GREEN QMAIL_RUNNING=1 SMTP_DAEMON="qmail" else LogText "Result: no running Qmail processes found" Display --indent 2 --text "- Checking Qmail status" --result "NOT FOUND" --color WHITE fi fi # ################################################################################# # # Test : MAIL-8880 # Description : Check Sendmail process status Register --test-no MAIL-8880 --weight L --network NO --description "Check Sendmail status" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: check sendmail status" IsRunning sendmail if [ ${RUNNING} -eq 1 ]; then LogText "Result: found running Sendmail process" Display --indent 2 --text "- Checking Sendmail status" --result RUNNING --color GREEN SENDMAIL_RUNNING=1 SMTP_DAEMON="sendmail" else LogText "Result: no running Sendmail processes found" Display --indent 2 --text "- Checking Sendmail status" --result "NOT FOUND" --color WHITE fi fi # ################################################################################# # # Test : MAIL-8920 # Description : Check OpenSMTPD process status if [ ! "${SMTPCTLBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no MAIL-8920 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check OpenSMTPD status" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: check smtpd status" FIND=`${PSBINARY} ax | egrep "(/smtpd|smtpd: \[priv\]|smtpd: smtp)" | grep -v "grep"` if [ ! "${FIND}" = "" ]; then LogText "Result: found running smtpd process" Display --indent 2 --text "- Checking OpenSMTPD status" --result RUNNING --color GREEN OPENSMTPD_RUNNING=1 SMTP_DAEMON="opensmtpd" else LogText "Result: smtpd not found" Display --indent 2 --text "- Checking OpenSMTPD status" --result "NOT FOUND" --color WHITE fi fi # ################################################################################# # Report "imap_daemon=${IMAP_DAEMON}" Report "pop3_daemon=${POP3_DAEMON}" Report "smtp_daemon=${SMTP_DAEMON}" wait_for_keypress # #================================================================================ # Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com