#!/bin/sh ################################################################################# # # Here you could insert your own custom checks # # Tips: # - Make sure to use each test ID only once in Register function and prefix them with CUST # - Use big steps in numbering, so you can easily put tests in between # - Want to improve Lynis? Share your checks! # ################################################################################# # # Test : CUST-0001 # Description : We show some lines on the screen # Register our first custom test # We consider it to be a lightweight test (no heavy IO, or long searches), no network connection needed Register --test-no CUST-0001 --weight L --network NO --description "A test case for colors and text display" if [ ${SKIPTEST} -eq 0 ]; then # The Display function makes it easy to show something on screen, with colors. # --indent defines amount of spaces # --text text to be displayed on screen # --result text at end of line # --color color of result text Display --indent 2 --text "- Checking if everything is OK..." --result OK --color GREEN Display --indent 4 --text "This shows one level deeper " --result NOTICE --color YELLOW Display --indent 6 --text "And even deeper" --result WARNING --color RED # Here we could add specific tests, like testing for a directory # Most tests use the "if-then-else". If something is true, take one step, otherwise the other. if [ -d /tmp ]; then LogText "Result: we have a temporary directory" else LogText "Result: no temporary directory found" fi # Common examples to use: # if [ -f /etc/file ]; then = Test if file exists # if [ -d /var/run/mydirectory ]; then = Test if directory exists # if [ ${MYVARIABLE} -eq 1 ]; then = Test if variable is set to 1 # if [ "${MYVARIABLE}" = "Value" ]; then = Test if variable is equal to specific value if [ -f /etc/file ]; then LogText "Result: Found file /etc/file" elif [ -f /etc/file2 ]; then LogText "Result: Found file /etc/file2" else LogText "Result: both /etc/file and /etc/file2 not found" fi # If a single value is stored in a variable, using case is effective. case ${OS} in # Only match one value "Linux") LogText "Found Linux" Display --indent 2 --text "OS: Linux" --result OK --color GREEN ;; # Matching several platforms "FreeBSD"|"NetBSD"|"OpenBSD") LogText "Found an operating system based on BSD" Display --indent 2 --text "OS: *BSD" --result OK --color GREEN # Catch-all for unknown values *) LogText "Did find another operating system" ;; esac # Show a warning on screen and in the report. We can specify a detail and how to solve it. ReportWarning "${TEST_NO}" "Something was wrong and should be fixed" "/etc/motd" "text:Change your motd" ReportSuggestion "${TEST_NO}" "Check if this process is running" "apache" "url:https://cisofy.com/support/" fi # ################################################################################# # # Add a new section to screen output InsertSection "Other Tests" # ################################################################################# # # First check if OPENSSLBINARY is known as a prerequisite for this test. if [ ! "${OPENSSLBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no CUST-0002 --preqs-met ${PREQS_MET} --weight M --network NO --description "Description of custom test" if [ ${SKIPTEST} -eq 0 ]; then FOUNDPROBLEM=0 DIR="/my/path" LogText "Test: we are going to check if we can find a particular directory (${DIR})" # Check if a directory exists if [ -d ${DIR} ]; then LogText "Result: log entry for easier debugging or additional information" else FOUNDPROBLEM=1 LogText "Result: directory ${DIR} was not found!" ReportWarning "${TEST_NO}" "This is a test warning line" "${DIR}" "text:Create directory ${DIR}" fi if [ ${FOUNDPROBLEM} -eq 0 ]; then Display --indent 2 --text "- Checking if everything is OK..." --result OK --color GREEN else Display --indent 2 --text "- Checking if everything is OK..." --result WARNING --color RED ReportSuggestion ${TEST_NO} "This is a suggestion" fi fi # ################################################################################# # # Wait for keypress (unless --quick is being used) wait_for_keypress # #================================================================================ # Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com