#!/bin/sh
#################################################################################
#
# Lynis
# ------------------
#
# Copyright 2007-2013, Michael Boelen
# Copyright 2007-2017, CISOfy
#
# Website : https://cisofy.com
# Blog : http://linux-audit.com
# GitHub : https://github.com/CISOfy/lynis
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# Consts
#
#################################################################################
#
# Paths where system and program binaries are located
BIN_PATHS="/bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin \
/usr/local/libexec /usr/libexec /usr/sfw/bin /usr/sfw/sbin \
/usr/sfw/libexec /opt/sfw/bin /opt/sfw/sbin /opt/sfw/libexec \
/usr/xpg4/bin /usr/css/bin /usr/ucb /usr/X11R6/bin /usr/X11R7/bin \
/usr/pkg/bin /usr/pkg/sbin"
ETC_PATHS="/etc /usr/local/etc"
# Do not use specific language, fall back to default
# Some tools with translated strings are very hard to parse
unset LANG
#
#################################################################################
#
# Initialize defaults
#
#################################################################################
#
# == Variable initializing ==
#
ARCH_AUDIT_BINARY=""
AUDITORNAME=""
AUDITCTLBINARY=""
AUDITDBINARY=""
AUTH_FAILED_LOGINS_LOGGED=0
AUTH_UNLOCK_TIME=-1
PROFILE=""
REPORTFILE=""
AFICKBINARY=""
AIDEBINARY=""
AASTATUSBINARY=""
AUDITD_RUNNING=0
APPLICATION_FIREWALL_ACTIVE=0
BINARY_SCAN_FINISHED=0
BLKIDBINARY=""
CAT_BINARY=""
CFAGENTBINARY=""
CHECK=0
CHECK_BINARIES=1
CHECK_OPTION_ARRAY=""
CHKROOTKITBINARY=""
CHKCONFIGBINARY=""
CLAMCONF_BINARY=""
CLAMSCANBINARY=""
COLORS=1
COMPLIANCE_ENABLE_CIS=0
COMPLIANCE_ENABLE_HIPAA=0
COMPLIANCE_ENABLE_ISO27001=0
COMPLIANCE_ENABLE_PCI_DSS=0
COMPLIANCE_TESTS_PERFORMED=0
COMPLIANCE_FINDINGS_FOUND=0
COMPRESSED_UPLOADS=0
CONTROL_URL_APPEND=""
CONTROL_URL_PREPEND=""
CONTROL_URL_PROTOCOL=""
CONTAINER_TYPE=""
CREATE_REPORT_FILE=1
CSUMBINARY=""
CUSTOM_URL_APPEND=""
CUSTOM_URL_PREPEND=""
CUSTOM_URL_PROTOCOL=""
CUTBINARY=""
DATABASE_ENGINE_RUNNING=0
DB2_RUNNING=0
DBUSDAEMONBINARY=""
DEBSECANBINARY=""
DEBSUMSBINARY=""
DEVELOPER_MODE=0
DISCOVERED_BINARIES=""
DNFBINARY=""
DOCKERBINARY=""
DOCKER_DAEMON_RUNNING=0
ECHOCMD=""
ERROR_ON_WARNINGS=0
FAIL2BANBINARY=""
FILEBINARY=""
FILEVALUE=""
FIND=""
FIREWALL_ACTIVE=0
FOUNDPATH=0
GETENT_BINARY=""
GRADMBINARY=""
GREPBINARY="grep"
GROUP_NAME=""
GRPCKBINARY=""
GRSEC_FOUND=0
GRUB2INSTALLBINARY=""
HAS_SYSTEMD=0
HEADBINARY=""
HELPER=""
HOSTID=""
HOSTID2=""
HTTPDBINARY=""
IDS_IPS_TOOL_FOUND=0
IPFBINARY=""
IPTABLESBINARY=""
JOURNALCTLBINARY=""
KLDSTATBINARY=""
LAUNCHCTL_BINARY=""
LDAP_CLIENT_CONFIG_FILE=""
LINUX_VERSION=""
LINUXCONFIGFILE=""
LMDBINARY=""
LMDFOUND=0
LOGFILE=""
LOGDIR=""
LOGTEXT=1
LSVGBINARY=""
MACHINEID=""
MACHINE_ROLE=""
MALWARE_SCANNER_INSTALLED=0
MIN_PASSWORD_LENGTH=-1
MONGODB_RUNNING=0
MOUNTBINARY=""
MTREEBINARY=""
MYSQLCLIENTBINARY=""
MYSQL_RUNNING=0
N_PLUGIN=0
N_PLUGIN_ENABLED=0
NAME_CACHE_USED=0
NETWORK_INTERFACES=""
NFTBINARY=""
NGINX_ACCESS_LOG_DISABLED=0
NGINX_ACCESS_LOG_MISSING=0
NGINX_ALIAS_FOUND=0
NGINX_ALLOW_FOUND=0
NGINX_DENY_FOUND=0
NGINX_ERROR_LOG_DEBUG=0
NGINX_ERROR_LOG_MISSING=0
NGINX_EVENTS_COUNTER=0
NGINX_EXPIRES_FOUND=0
NGINX_FASTCGI_FOUND=0
NGINX_FASTCGI_PARAMS_FOUND=0
NGINX_FASTCGI_PASS_FOUND=0
NGINX_HTTP_COUNTER=0
NGINX_LISTEN_FOUND=0
NGINX_LOCATION_COUNTER=0
NGINX_LOCATION_FOUND=0
NGINX_SERVER_COUNTER=0
NGINX_SSL_CIPHERS=0
NGINX_SSL_ON=0
NGINX_SSL_PREFER_SERVER_CIPHERS=0
NGINX_SSL_PROTOCOLS=0
NGINX_RETURN_FOUND=0
NGINX_ROOT_FOUND=0
NGINX_WEAK_SSL_PROTOCOL_FOUND=0
NTPD_ROLE=""
NTPQBINARY=""
OPTION_DEBIAN_SKIP_SECURITY_REPOSITORY=0
OPTIONS_CONN_MAX_WAIT_STATE=""
ORACLE_RUNNING=0
OS=""
OS_KERNELVERSION=""
OS_KERNELVERSION_FULL=""
OS_MODE=""
OS_REDHAT_OR_CLONE=0
OSIRISBINARY=""
PACMANBINARY=""
PASSWORD_MAXIMUM_DAYS=-1
PASSWORD_MINIMUM_DAYS=-1
PAM_2F_AUTH_ENABLED=0
PAM_2F_AUTH_REQUIRED=0
PAM_AUTH_BRUTE_FORCE_PROTECTION=0
PAM_PASSWORD_HISTORY_AMOUNT=0
PAM_PASSWORD_HISTORY_ENABLED=0
PAM_PASSWORD_STRENGTH_TESTED=0
PAM_PASSWORD_PWHISTORY_ENABLED=0
PAM_PASSWORD_UXHISTORY_ENABLED=0
PFCTLBINARY=""
PFFOUND=0
PGREPBINARY=""
PIDFILE=""
PKG_BINARY=""
PKGADMINBINARY=""
PLUGINDIR=""
PLUGIN_PHASE=0
POSTFIXBINARY=""
POSTGRES_RUNNING=0
PRIVILEGED=0
PROFILES=""
PROFILEVALUE=""
PSBINARY="ps"
PUPPETBINARY=""
READLINKBINARY=""
REDIS_RUNNING=0
REFRESH_REPOSITORIES=1
REMOTE_LOGGING_ENABLED=0
RESOLV_DOMAINNAME=""
RKHUNTERBINARY=""
ROOTDIR="/"
ROOTSHBINARY=""
RPCINFOBINARY=""
RPMBINARY=""
RUN_HELPERS=0
RUN_TESTS=1
RUN_UPDATE_CHECK=1
SALTMASTERBINARY=""
SALTMINIONBINARY=""
SAMHAINBINARY=""
SCAN_TEST_HEAVY=""; SCAN_TEST_MEDIUM=""; SCAN_TEST_LOW=""
SEARCH_PROFILES=""
SESTATUSBINARY=""
SERVICE_MANAGER=""
SETBINARY=""
SETTINGS=""
SETTINGS_FILE=""
SET_STRICT=0
SHELL_IS_BUSYBOX=0
SHOWMOUNTBINARY=""
SHOW_PROGRAM_DETAILS=1
SHOW_REPORT=1
SHOW_REPORT_SOLUTION=1
SHOW_TOOL_TIPS=1 # Show inline tool tips (default true)
SHOW_WARNINGS_ONLY=0
SKIP_PLUGINS=0
SKIP_TESTS=""
SKIPREASON=""
SKIPPED_TESTS_ROOTONLY=""
SMTPCTLBINARY=""
SNORTBINARY=""
SSHKEYSCANBINARY=""
SSHKEYSCANFOUND=0
SSL_CERTIFICATE_PATHS=""
STUNNELBINARY=""
SYSLOGNGBINARY=""
SYSTEMCTLBINARY=""
SYSTEM_IS_NOTEBOOK=255
TEMP_FILE=""
TEMP_FILES=""
TEST_SKIP_ALWAYS=""
TEST_AVAILABLE_CATEGORIES="performance privacy security"
TEST_CATEGORY_TO_CHECK="all"
TEST_GROUP_TO_CHECK="all"
TESTS_EXECUTED=""
TESTS_SKIPPED=""
TMPFILE=""
TOOLTIP_SHOWED=0
TOTAL_SUGGESTIONS=0
TOTAL_WARNINGS=0
TRBINARY=""
TRIPWIREBINARY=""
UEFI_BOOTED=0
UEFI_BOOTED_SECURE=0
UNAMEBINARY=""
UNBOUND_RUNNING=0
UNIQBINARY=""
UPDATE_CHECK_SKIPPED=0
UPLOAD_OPTIONS=""
UPLOAD_PROXY_PORT=""
UPLOAD_PROXY_PROTOCOL=""
UPLOAD_PROXY_SERVER=""
UPLOAD_TOOL=""
UPLOAD_TOOL_ARGS=""
VALUE=""
VERBOSE=0
VMTYPE=""
VULNERABLE_PACKAGES_FOUND=0
WCBINARY=""
XARGSBINARY=""
YUMBINARY=""
ZYPPERBINARY=""
#
#################################################################################
#
# * Options
#
#################################################################################
#
CRONJOB=0 # Run as a cronjob
CTESTS_PERFORMED=0 # Number of tests which are performed
DEBUG=0 # Debugging mode (to screen)
HPPOINTS=0 # Number of hardening points
HPTOTAL=0 # Maximum number of hardening points
LOG_INCORRECT_OS=1 # Log tests with incorrect OS
NEVERBREAK=0 # Don't wait for user input
PENTESTINGMODE=0 # Try tests without root privileges
QUICKMODE=1 # Don't wait for user input
QUIET=0 # Show normal messages and warnings as well
SKIPLOGTEST=0 # Skip logging for one test
SKIP_UPGRADE_TEST=0 # Skip upgrade test
TESTS_TO_PERFORM="" # Which tests only to perform
TEST_PAUSE_TIME=0 # Default pause time
TOTAL_TESTS=0 # Total amount of tests (counter)
UPLOAD_DATA=0 # Upload of data to central node
VIEWHELP=0 # Show help
WRONGOPTION=0 # A wrong option is used
#
#################################################################################
#
# Installed packages and other settings
COMPILER_INSTALLED=0
#
#################################################################################
#
# * Colors
#
# For improved display
#
#################################################################################
#
# Normal color names
CYAN="�[0;36m"
BLUE="�[0;34m"
BROWN="�[0;33m"
DARKGRAY="�[0;30m"
GRAY="�[0;37m"
GREEN="�[1;32m"
LIGHTBLUE="�[0;94m"
MAGENTA="�[1;35m"
PURPLE="�[0;35m"
RED="�[1;31m"
YELLOW="�[1;33m"
WHITE="�[1;37m"
# Markup
BOLD="${WHITE}"
# With background
BG_BLUE="�[0;44m"
# Semantic names
HEADER="${WHITE}"
NORMAL="�[0;39m"
WARNING="�[1;31m" # Bad (red)
SECTION="�[1;33m" # Section (yellow)
NOTICE="�[1;33m" # Notice (yellow)
OK="�[1;32m" # Ok (green)
BAD="�[1;31m" # Bad (red)
#
#################################################################################
#
#================================================================================
# Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com