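#!/bin/sh

#################################################################################
#
#   Lynis
# ------------------
#
# Copyright 2007-2015, Michael Boelen (michael@rootkit.nl), The Netherlands
# Web site: http://www.rootkit.nl
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# E-mail and messaging
#
# Purpose   : detect which mail transfer agents (MTAs) and IMAP/POP3 daemons are
#             running on this host and run a few configuration checks on them.
#             The outcome is passed to the report via SMTP_DAEMON, IMAP_DAEMON
#             and POP3_DAEMON.
#
# Globals   : this file is sourced by the Lynis framework and relies on it for
#             InsertSection, Register, IsRunning, Display, logtext, ReportWarning,
#             ReportSuggestion, report and wait_for_keypress. It reads SKIPTEST
#             and RUNNING (set by Register / IsRunning), the binary locations
#             PSBINARY, POSTFIXBINARY, POSTCONFBINARY and SMTPCTLBINARY (set by
#             the binary discovery phase) and TEST_NO (presumably set by
#             Register - confirm against the framework).
#
#################################################################################
#
    InsertSection "Software: e-mail and messaging"
#
#################################################################################
#
    # All state written by this file is initialised here, so the report lines at
    # the bottom never depend on values left behind by an earlier test file.
    DOVECOT_RUNNING=0
    EXIM_RUNNING=0
    IMAP_DAEMON=""
    POP3_DAEMON=""
    SMTP_DAEMON=""
    POSTFIX_RUNNING=0
    QMAIL_RUNNING=0
    SENDMAIL_RUNNING=0
    OPENSMTPD_RUNNING=0
#
#################################################################################
#
    # Test        : MAIL-8802
    # Description : Check Exim process status
    # Sets        : EXIM_RUNNING, SMTP_DAEMON
    Register --test-no MAIL-8802 --weight L --network NO --description "Check Exim status"
    if [ "${SKIPTEST}" -eq 0 ]; then
        logtext "Test: check Exim status"
        IsRunning exim
        if [ "${RUNNING}" -eq 1 ]; then
            logtext "Result: found running Exim process"
            Display --indent 2 --text "- Checking Exim status" --result RUNNING --color GREEN
            EXIM_RUNNING=1
            SMTP_DAEMON="exim"
        else
            logtext "Result: no running Exim processes found"
            Display --indent 2 --text "- Checking Exim status" --result "NOT FOUND" --color WHITE
        fi
    fi
#
#################################################################################
#
    # Test        : MAIL-8804
    # Description : Check Exim configuration
    # Status      : disabled (kept for reference until the test is finished)
    #if [ ${EXIM_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
    #Register --test-no MAIL-8804 --weight L --network NO --description "Check Exim configuration"
    #if [ ${SKIPTEST} -eq 0 ]; then
    #    if [ ! "${EXIMBINARY}" = "" ]; then
    #        logtext "Test: Searching Exim configuration file"
    #        FIND=`${EXIMBINARY} -d | grep "configuration file is" | sed 's/configuration file is//'`
    #        if [ ! "${FIND}" = "" ]; then
    #            Display --indent 2 --text "- Checking Exim configuration" --result FOUND --color GREEN
    #            Display --indent 4 --text "Result: configuration file is ${FIND}"
    #            logtext "Result: found Exim"
    #            logtext "Result: configuration file is ${FIND}"
    #        else
    #            Display --indent 2 --text "- Checking Exim configuration" --result WARNING --color RED
    #            logtext "Couldn't find the Exim configuration file, however Exim seems to be installed."
    #        fi
    #    else
    #        logtext "Exim binary not found, no tests performed"
    #    fi
#
#################################################################################
#
    # Test        : MAIL-8814
    # Description : Check Postfix process
    # Notes       : qmgr and pickup run under postfix uid, without full path to binary
    # Sets        : POSTFIX_RUNNING, SMTP_DAEMON
    Register --test-no MAIL-8814 --weight L --network NO --description "Check postfix process status"
    if [ "${SKIPTEST}" -eq 0 ]; then
        logtext "Test: check Postfix status"
        # Some other processes also use master, therefore it should include both master and postfix
        FIND1=$(${PSBINARY} ax | grep "master" | grep "postfix" | grep -v "grep")
        #FIND2=`${PSBINARY} ax | grep "qmgr" | grep "postfix" | grep -v "grep"`
        #FIND3=`${PSBINARY} ax | grep "pickup" | grep "postfix" | grep -v "grep"`
        if [ ! "${FIND1}" = "" ]; then
            logtext "Result: found running Postfix process"
            Display --indent 2 --text "- Checking Postfix status" --result RUNNING --color GREEN
            POSTFIX_RUNNING=1
            SMTP_DAEMON="postfix"
        else
            logtext "Result: no running Postfix processes found"
            Display --indent 2 --text "- Checking Postfix status" --result "NOT FOUND" --color WHITE
        fi
    fi
#
#################################################################################
#
    # Test        : MAIL-8816
    # Description : Check Postfix configuration
    # Notes       : postconf is what actually gets executed here, so its presence is
    #               a prerequisite next to the postfix binary; running the test with
    #               an empty POSTCONFBINARY would silently yield "/main.cf".
    # Sets        : POSTFIX_CONFIGDIR, POSTFIX_CONFIGFILE (used by MAIL-8818)
    if [ "${POSTFIX_RUNNING}" -eq 1 ] && [ ! "${POSTFIXBINARY}" = "" ] && [ ! "${POSTCONFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
    Register --test-no MAIL-8816 --preqs-met "${PREQS_MET}" --weight L --network NO --description "Check Postfix configuration"
    if [ "${SKIPTEST}" -eq 0 ]; then
        logtext "Test: searching Postfix configuration directory"
        # postconf prints "config_directory = /path", so the path is the third field
        POSTFIX_CONFIGDIR=$(${POSTCONFBINARY} | grep '^config_directory' | awk '{ print $3 }')
        if [ ! "${POSTFIX_CONFIGDIR}" = "" ]; then
            POSTFIX_CONFIGFILE="${POSTFIX_CONFIGDIR}/main.cf"
            Display --indent 2 --text "- Checking Postfix configuration" --result FOUND --color GREEN
            logtext "Postfix configuration directory: ${POSTFIX_CONFIGDIR}"
            logtext "Postfix configuration file: ${POSTFIX_CONFIGFILE}"
        else
            # Do not report FOUND for a directory we could not determine
            POSTFIX_CONFIGFILE=""
            Display --indent 2 --text "- Checking Postfix configuration" --result "NOT FOUND" --color WHITE
            logtext "Result: could not determine the Postfix configuration directory from postconf output"
        fi
    fi
#
#################################################################################
#
    # Test        : MAIL-8818
    # Description : Check Postfix configuration: banner
    # Notes       : a banner that reveals the MTA name (directly, or through
    #               $mail_name) makes fingerprinting the host easier; the test
    #               warns when either path exposes "postfix".
    if [ "${POSTFIX_RUNNING}" -eq 1 ] && [ ! "${POSTFIXBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
    Register --test-no MAIL-8818 --preqs-met "${PREQS_MET}" --weight L --network NO --description "Check Postfix configuration: banner"
    if [ "${SKIPTEST}" -eq 0 ]; then
        logtext "Test: Checking Postfix banner"
        # FIND1: banner literally contains "postfix"
        FIND1=$(${POSTCONFBINARY} | grep '^smtpd_banner' | grep 'postfix')
        # FIND2: banner references $mail_name (single quotes keep the literal text)
        FIND2=$(${POSTCONFBINARY} | grep '^smtpd_banner' | grep '$mail_name')
        # FIND3: mail_name itself contains "postfix"
        FIND3=$(${POSTCONFBINARY} | grep '^mail_name' | grep -i 'postfix')
        #YYY Check if OS name shows up in banner
        #FIND4=`${POSTCONFBINARY} | grep '^smtpd_banner' | egrep "${OS}|${LINUX_VERSION}`
        SHOWWARNING=0
        if [ ! "${FIND1}" = "" ]; then
            SHOWWARNING=1
        elif [ ! "${FIND2}" = "" ] && [ ! "${FIND3}" = "" ]; then
            # banner expands $mail_name, and mail_name leaks the MTA name
            SHOWWARNING=1
        else
            Display --indent 4 --text "- Checking Postfix banner" --result OK --color GREEN
        fi
        if [ "${SHOWWARNING}" -eq 1 ]; then
            Display --indent 4 --text "- Checking Postfix banner" --result WARNING --color RED
            logtext "Result: found mail_name in SMTP banner, and/or mail_name contains 'Postfix'."
            ReportWarning "${TEST_NO}" "L" "Found mail_name in SMTP banner, and/or mail_name contains 'Postfix'"
            ReportSuggestion "${TEST_NO}" "You are adviced to hide the mail_name (option: smtpd_banner) from your postfix configuration. Use postconf -e or change your main.cf file (${POSTFIX_CONFIGFILE})"
        fi
    fi
#
#################################################################################
#
    # Test        : MAIL-8838
    # Description : Check Dovecot process
    # Notes       : no --preqs-met here on purpose. PREQS_MET at this point still
    #               holds the Postfix result of MAIL-8818, and passing it along
    #               skipped the Dovecot check on every host without Postfix.
    # Sets        : DOVECOT_RUNNING, IMAP_DAEMON, POP3_DAEMON
    Register --test-no MAIL-8838 --weight L --network NO --description "Check dovecot process"
    if [ "${SKIPTEST}" -eq 0 ]; then
        logtext "Test: check dovecot status"
        IsRunning dovecot
        if [ "${RUNNING}" -eq 1 ]; then
            logtext "Result: found running dovecot process"
            Display --indent 2 --text "- Checking Dovecot status" --result RUNNING --color GREEN
            DOVECOT_RUNNING=1
            IMAP_DAEMON="dovecot"
            POP3_DAEMON="dovecot"
        else
            logtext "Result: dovecot not found"
            Display --indent 2 --text "- Checking Dovecot status" --result "NOT FOUND" --color WHITE
        fi
    fi
#
#################################################################################
#
    # Test        : MAIL-8842
    # Description : Check Dovecot logging locations
    # Status      : disabled (kept for reference until the test is finished)
    #Register --test-no MAIL-8842 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check dovecot logging locations"
    #if [ ${SKIPTEST} -eq 0 ]; then
    #    ParseDovecot
    #    CONF="/etc/dovecot/dovecot.conf"
    #    FIND=`cat ${CONF} | grep "^log_path" | awk '{ if ($1=="") { print "syslog" } else { print $3 } }'`
    #    if [ ! "${FIND}" = "" ]; then
    #        logtext "Result: output for error messages = ${FIND}"
    #    fi
    #
    #    FIND=`cat ${CONF} | grep "^log_info_path" | awk '{ if ($1=="") { print "syslog" } else { print $3 } }'`
    #    if [ ! "${FIND}" = "" ]; then
    #        logtext "Result: output for informational messages = ${FIND}"
    #    fi
    #
    #fi
#
#################################################################################
#
    # Test        : MAIL-8860
    # Description : Check Qmail process status
    # Sets        : QMAIL_RUNNING, SMTP_DAEMON
    Register --test-no MAIL-8860 --weight L --network NO --description "Check Qmail status"
    if [ "${SKIPTEST}" -eq 0 ]; then
        logtext "Test: check Qmail status"
        IsRunning qmail-smtpd
        if [ "${RUNNING}" -eq 1 ]; then
            logtext "Result: found running Qmail process"
            Display --indent 2 --text "- Checking Qmail status" --result RUNNING --color GREEN
            QMAIL_RUNNING=1
            SMTP_DAEMON="qmail"
        else
            logtext "Result: no running Qmail processes found"
            Display --indent 2 --text "- Checking Qmail status" --result "NOT FOUND" --color WHITE
        fi
    fi
#
#################################################################################
#
    # Test        : MAIL-8880
    # Description : Check Sendmail process status
    # Sets        : SENDMAIL_RUNNING, SMTP_DAEMON
    Register --test-no MAIL-8880 --weight L --network NO --description "Check Sendmail status"
    if [ "${SKIPTEST}" -eq 0 ]; then
        logtext "Test: check sendmail status"
        IsRunning sendmail
        if [ "${RUNNING}" -eq 1 ]; then
            logtext "Result: found running Sendmail process"
            Display --indent 2 --text "- Checking Sendmail status" --result RUNNING --color GREEN
            SENDMAIL_RUNNING=1
            SMTP_DAEMON="sendmail"
        else
            logtext "Result: no running Sendmail processes found"
            Display --indent 2 --text "- Checking Sendmail status" --result "NOT FOUND" --color WHITE
        fi
    fi
#
#################################################################################
#
    # Test        : MAIL-8920
    # Description : Check OpenSMTPD process status
    # Notes       : smtpd shows up as the privileged parent and as per-role
    #               children, hence the three alternatives in the pattern
    # Sets        : OPENSMTPD_RUNNING, SMTP_DAEMON
    if [ ! "${SMTPCTLBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
    Register --test-no MAIL-8920 --preqs-met "${PREQS_MET}" --weight L --network NO --description "Check OpenSMTPD status"
    if [ "${SKIPTEST}" -eq 0 ]; then
        logtext "Test: check smtpd status"
        FIND=$(${PSBINARY} ax | grep -E "(/smtpd|smtpd: \[priv\]|smtpd: smtp)" | grep -v "grep")
        if [ ! "${FIND}" = "" ]; then
            logtext "Result: found running smtpd process"
            Display --indent 2 --text "- Checking OpenSMTPD status" --result RUNNING --color GREEN
            OPENSMTPD_RUNNING=1
            SMTP_DAEMON="opensmtpd"
        else
            logtext "Result: smtpd not found"
            Display --indent 2 --text "- Checking OpenSMTPD status" --result "NOT FOUND" --color WHITE
        fi
    fi
#
#################################################################################
#
    # Test        : MAIL-xxxx
    # Description : Check if outgoing mail is obscured (increased privacy)
    # Status      : placeholder, not implemented
    #Register --test-no MAIL-xxxx --weight L --network NO --description "Check XXX"
    #if [ ${SKIPTEST} -eq 0 ]; then
#
#################################################################################
#
#YYY Add support for mail, procmail
#YYY Add support for MUAs: Thunderbird, Kmail, Evolution
# Other software : Cyrus-IMAP, Amavisd-new, SpamAssassin, Fetchmail, Procmail, maildrop
#- Dovecot      : \'/usr/local/etc/dovecot.conf\'
#- For Sendmail : \'/var/mail/sendmail.cf\'
#- Fetchmail    : \'~/.fetchmailrc\' (not only root)
#- Cyrus-IMAP   : \'/usr/local/etc/imapd.conf\' for parameters and \'/usr/local/etc/cyrus.conf\' for the services launched
#
#################################################################################
#
    # Hand the detected daemons to the report; values are empty when nothing was found
    report "imap_daemon=${IMAP_DAEMON}"
    report "pop3_daemon=${POP3_DAEMON}"
    report "smtp_daemon=${SMTP_DAEMON}"

    wait_for_keypress

#
#================================================================================
# Lynis - Copyright 2007-2015, Michael Boelen - www.rootkit.nl - The Netherlands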