#!/bin/sh

#################################################################################
#
#   Lynis
# ------------------
#
# Copyright 2007-2013, Michael Boelen
# Copyright 2007-2019, CISOfy
#
# Website  : https://cisofy.com
# Blog     : http://linux-audit.com
# GitHub   : https://github.com/CISOfy/lynis
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# Operating System detection
#
#################################################################################
#
    # Check operating system
    case $(uname) in

        # IBM AIX
        AIX)
            OS="AIX"
            OS_NAME="AIX"
            OS_VERSION=$(oslevel)
            OS_FULLNAME="AIX ${OS_VERSION}"
            CPU=$(uname -p)
            HARDWARE=$(uname -M)
            FIND_BINARIES="whereis -b"
            SYSCTL_READKEY=""
        ;;

        # Mac OS X and macOS
        Darwin)
            OS="macOS"
            if [ -x /usr/bin/sw_vers ]; then
                OS_NAME=$(/usr/bin/sw_vers -productName)
                OS_VERSION=$(/usr/bin/sw_vers -productVersion)
                OS_VERSION_NAME="unknown"
                OS_FULLNAME="macOS (unknown version)"
                case ${OS_VERSION} in
                    10.0 | 10.0.[0-9]*) OS_FULLNAME="Mac OS X 10.0 (Cheetah)" ;;
                    10.1 | 10.1.[0-9]*) OS_FULLNAME="Mac OS X 10.1 (Puma)" ;;
                    10.2 | 10.2.[0-9]*) OS_FULLNAME="Mac OS X 10.2 (Jaguar)" ;;
                    10.3 | 10.3.[0-9]*) OS_FULLNAME="Mac OS X 10.3 (Panther)" ;;
                    10.4 | 10.4.[0-9]*) OS_FULLNAME="Mac OS X 10.4 (Tiger)" ;;
                    10.5 | 10.5.[0-9]*) OS_FULLNAME="Mac OS X 10.5 (Leopard)" ;;
                    10.6 | 10.6.[0-9]*) OS_FULLNAME="Mac OS X 10.6 (Snow Leopard)" ;;
                    10.7 | 10.7.[0-9]*) OS_FULLNAME="Mac OS X 10.7 (Lion)" ;;
                    10.8 | 10.8.[0-9]*) OS_FULLNAME="Mac OS X 10.8 (Mountain Lion)" ;;
                    10.9 | 10.9.[0-9]*) OS_FULLNAME="Mac OS X 10.9 (Mavericks)" ;;
                    10.10 | 10.10.[0-9]*) OS_FULLNAME="Mac OS X 10.10 (Yosemite)" ;;
                    10.11 | 10.11.[0-9]*) OS_FULLNAME="Mac OS X 10.11 (El Capitan)" ;;
                    10.12 | 10.12.[0-9]*) OS_FULLNAME="macOS Sierra (${OS_VERSION})" ;;
                    10.13 | 10.13.[0-9]*) OS_FULLNAME="macOS High Sierra (${OS_VERSION})" ;;
                    10.14 | 10.14.[0-9]*) OS_FULLNAME="macOS Mojave (${OS_VERSION})" ;;
                    *) echo "Unknown macOS version. Do you know what version it is? Create an issue at ${PROGRAM_SOURCE}" ;;
                esac
            else
                # Fall back to a fairly safe name
                OS_NAME="macOS"
                # uname -s -r shows Darwin 16.1.0
                OS_FULLNAME=$(uname -s -r)
                # shows 16.1.0 for Darwin's version, not macOS's
                OS_VERSION=$(uname -r)
            fi
            HARDWARE=$(uname -m)
            HOMEDIRS="/Users"
            FIND_BINARIES="whereis"
            OS_KERNELVERSION=$(uname -r)
            SYSCTL_READKEY=""
        ;;

        # DragonFly BSD
        DragonFly)
            OS="DragonFly"
            OS_NAME="DragonFly BSD"
            OS_FULLNAME=$(uname -s -r)
            OS_VERSION=$(uname -r)
            HARDWARE=$(uname -m)
            HOMEDIRS="/home /root"
            FIND_BINARIES="whereis -q -a -b"
            OS_KERNELVERSION=$(uname -i)
            SYSCTL_READKEY="sysctl -n"
        ;;

        # FreeBSD
        FreeBSD)
            OS="FreeBSD"
            OS_NAME="FreeBSD"
            OS_FULLNAME=$(uname -s -r)
            OS_VERSION=$(uname -r)
            HARDWARE=$(uname -m)
            HOMEDIRS="/home /root"
            FIND_BINARIES="whereis -q -a -b"
            OS_KERNELVERSION=$(uname -i)
            SYSCTL_READKEY="sysctl -n"

            # TrueOS
            if [ -f /etc/defaults/trueos ]; then
                OS_NAME="TrueOS"
                LogText "Result: found TrueOS file, system is completely based on FreeBSD though. Only adjusting OS name."
            fi
        ;;

        # HP-UX
        HP-UX)
            OS="HP-UX"
            OS_NAME="HP-UX"
            OS_FULLNAME=$(uname -s -r)
            OS_VERSION=$(uname -r)
            HARDWARE=$(uname -m)
            FIND_BINARIES="whereis -b"
            SYSCTL_READKEY=""
            LOGDIR="/var/adm/syslog"
        ;;

        # Linux
        Linux)
            OS="Linux"
            OS_NAME="Linux"
            OS_FULLNAME=""
            OS_VERSION=$(uname -r)
            LINUX_VERSION=""
            HARDWARE=$(uname -m)
            HOMEDIRS="/home"
            FIND_BINARIES="whereis -b"
            OS_KERNELVERSION_FULL=$(uname -r)
            OS_KERNELVERSION=$(echo ${OS_KERNELVERSION_FULL} | sed 's/-.*//')
            if [ -e /dev/grsec ]; then GRSEC_FOUND=1; fi

            # Generic
            if [ -e /etc/os-release ]; then
                OS_ID=$(grep "^ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
                if [ ! -z "${OS_ID}" ]; then
                    case ${OS_ID} in
                        "arch")
                            LINUX_VERSION="Arch Linux"
                            OS_FULLNAME="Arch Linux"
                            OS_VERSION="Rolling release"
                        ;;
                        "coreos")
                            LINUX_VERSION="CoreOS"
                            OS_FULLNAME=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
                            OS_NAME="CoreOS Linux"
                        ;;
                        "manjaro")
                            LINUX_VERSION="Manjaro Linux"
                            OS_FULLNAME="Manjaro Linux"
                            OS_VERSION="Rolling release"
                        ;;
                        "ubuntu")
                            LINUX_VERSION="Ubuntu"
                            OS_FULLNAME=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
                            OS_NAME="Ubuntu Linux"
                        ;;
                        "opensuse-tumbleweed")
                            LINUX_VERSION="openSUSE Tumbleweed"
                            OS_FULLNAME=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
                            # It's rolling release but has a snapshot version (the date of the snapshot)
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
                            OS_NAME="openSUSE"
                        ;;
                        "opensuse-leap")
                            LINUX_VERSION="openSUSE Leap"
                            OS_FULLNAME=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
                            OS_NAME="openSUSE"
                        ;;
                        *)
                            Debug "Unknown OS found in /etc/os-release. Do you know what it is? Create an issue at ${PROGRAM_SOURCE}"
                        ;;
                    esac
                fi
            fi

            # Amazon
            if [ -e "/etc/system-release" ]; then
                FIND=$(grep "Amazon" /etc/system-release)
                if [ ! "${FIND}" = "" ]; then
                    OS_REDHAT_OR_CLONE=1
                    OS_FULLNAME=$(grep "^Amazon" /etc/system-release)
                    OS_VERSION=$(grep "^Amazon" /etc/system-release | awk '{ if ($4=="release") { print $5 } }')
                    LINUX_VERSION="Amazon"
                fi
            fi

            # Arch Linux
            if [ -z "${OS_FULLNAME}" -a -e "/etc/arch-release" ]; then
                OS_FULLNAME="Arch Linux"
                OS_VERSION="Unknown"
                LINUX_VERSION="Arch Linux"
            fi

            # Chakra Linux
            if [ -e "/etc/chakra-release" ]; then
                OS_FULLNAME=$(grep "^Chakra" /etc/chakra-release)
                OS_VERSION=$(awk '/^Chakra/ { if ($3=="release") { print $4 }}' /etc/chakra-release)
                LINUX_VERSION="Chakra Linux"
            fi

            # Cobalt
            if [ -e "/etc/cobalt-release" ]; then OS_FULLNAME=$(cat /etc/cobalt-release); fi
            # CPUBuilders Linux
            if [ -e "/etc/cpub-release" ]; then OS_FULLNAME=$(cat /etc/cpub-release); fi

            # Debian/Ubuntu (***) - Set first to Debian
            if [ -e "/etc/debian_version" ]; then
                OS_VERSION=$(cat /etc/debian_version)
                OS_FULLNAME="Debian ${OS_VERSION}"
                LINUX_VERSION="Debian"
            fi

            # /etc/lsb-release does not exist on Debian
            if [ -e "/etc/debian_version" -a -e /etc/lsb-release ]; then
                OS_VERSION=$(cat /etc/debian_version)
                FIND=$(grep "^DISTRIB_ID=" /etc/lsb-release | cut -d '=' -f2 | sed 's/"//g')
                if [ "${FIND}" = "Ubuntu" ]; then
                    OS_VERSION=$(grep "^DISTRIB_RELEASE=" /etc/lsb-release | cut -d '=' -f2)
                    OS_FULLNAME="Ubuntu ${OS_VERSION}"
                    LINUX_VERSION="Ubuntu"
                elif [ "${FIND}" = "elementary OS" ]; then
                    LINUX_VERSION="elementary OS"
                    OS_VERSION=$(grep "^DISTRIB_RELEASE=" /etc/lsb-release | cut -d '=' -f2)
                    OS_FULLNAME=$(grep "^DISTRIB_DESCRIPTION=" /etc/lsb-release | cut -d '=' -f2 | sed 's/"//g')
                else
                    # Catch all, in case it's unclear what specific release this is.
                    OS_FULLNAME="Debian ${OS_VERSION}"
                    LINUX_VERSION="Debian"
                fi
                # Ubuntu test (optional) $(grep "[Uu]buntu" /proc/version)
            fi

            # Override for Linux Mint, as that is initially detected as Debian or Ubuntu
            if [ -x /usr/bin/lsb_release ]; then
                FIND=$(lsb_release --id | awk -F: '{ print $2 }' | awk '{ print $1 }')
                if [ "${FIND}" = "LinuxMint" ]; then
                    LINUX_VERSION="Linux Mint"
                    OS_VERSION=$(lsb_release --release | awk '{ print $2 }')
                    OS_FULLNAME="Linux Mint ${OS_VERSION}"
                fi
            fi

            # E-smith
            if [ -e "/etc/e-smith-release" ]; then OS_FULLNAME=$(cat /etc/e-smith-release); fi

            # Gentoo
            if [ -e "/etc/gentoo-release" ]; then LINUX_VERSION="Gentoo"; OS_FULLNAME=$(cat /etc/gentoo-release); fi

            # Red Hat and others
            if [ -e "/etc/redhat-release" ]; then
                OS_REDHAT_OR_CLONE=1

                # CentOS
                FIND=$(grep "CentOS" /etc/redhat-release)
                if [ ! "${FIND}" = "" ]; then
                    OS_FULLNAME=$(grep "CentOS" /etc/redhat-release)
                    LINUX_VERSION="CentOS"
                    OS_VERSION="${OS_FULLNAME}"
                fi

                # ClearOS
                FIND=$(grep "ClearOS" /etc/redhat-release)
                if [ ! "${FIND}" = "" ]; then
                    OS_FULLNAME=$(grep "ClearOS" /etc/redhat-release)
                    LINUX_VERSION="ClearOS"
                    OS_VERSION="${OS_FULLNAME}"
                fi

                # Fedora
                FIND=$(grep "Fedora" /etc/redhat-release)
                if [ ! "${FIND}" = "" ]; then
                    OS_FULLNAME=$(grep "Fedora" /etc/redhat-release)
                    OS_VERSION="${OS_FULLNAME}"
                    LINUX_VERSION="Fedora"
                fi

                # Mageia (has also /etc/megaia-release)
                FIND=$(grep "Mageia" /etc/redhat-release)
                if [ ! "${FIND}" = "" ]; then
                    OS_FULLNAME=$(grep "^Mageia" /etc/redhat-release)
                    OS_VERSION=$(grep "^Mageia" /etc/redhat-release | awk '{ if ($2=="release") { print $3 } }')
                    LINUX_VERSION="Mageia"
                fi

                # Oracle Enterprise Linux
                FIND=$(grep "Enterprise Linux Enterprise Linux Server" /etc/redhat-release)
                if [ ! "${FIND}" = "" ]; then
                    LINUX_VERSION="Oracle Enterprise Linux"
                    OS_FULLNAME=$(grep "Enterprise Linux" /etc/redhat-release)
                    OS_VERSION="${OS_FULLNAME}"
                fi

                # Oracle Enterprise Linux
                if [ -e /etc/oracle-release ]; then
                    FIND=$(grep "Oracle Linux Server" /etc/oracle-release)
                    if [ ! "${FIND}" = "" ]; then
                        LINUX_VERSION="Oracle Enterprise Linux"
                        OS_FULLNAME=$(grep "Oracle Linux" /etc/oracle-release)
                        OS_VERSION="${OS_FULLNAME}"
                    fi
                fi

                # Oracle VM Server
                if [ -e /etc/ovs-release ]; then
                    FIND=$(grep "Oracle VM" /etc/ovs-release)
                    if [ ! "${FIND}" = "" ]; then
                        LINUX_VERSION="Oracle VM Server"
                        OS_FULLNAME=$(grep "Oracle VM" /etc/ovs-release)
                        OS_VERSION="${OS_FULLNAME}"
                    fi
                fi

                # Scientific
                FIND=$(grep "Scientific" /etc/redhat-release)
                if [ ! "${FIND}" = "" ]; then
                    OS_FULLNAME=$(grep "^Scientific" /etc/redhat-release)
                    OS_VERSION=$(grep "^Scientific" /etc/redhat-release | awk '{ if ($3=="release") { print $4 } }')
                    LINUX_VERSION="Scientific"
                fi

                if [ -z "${LINUX_VERSION}" ]; then
                    # Red Hat
                    FIND=$(grep "Red Hat" /etc/redhat-release)
                    if [ ! "${FIND}" = "" ]; then
                        OS_FULLNAME=$(grep "Red Hat" /etc/redhat-release)
                        OS_VERSION="${OS_FULLNAME}"
                        LINUX_VERSION="Red Hat"
                    fi
                fi

            fi

            # PCLinuxOS
            if [ -f /etc/pclinuxos-release ]; then
                FIND=$(grep "^PCLinuxOS" /etc/pclinuxos-release)
                if [ ! "${FIND}" = "" ]; then
                    OS_FULLNAME="PCLinuxOS Linux"
                    LINUX_VERSION="PCLinuxOS"
                    OS_VERSION=$(grep "^PCLinuxOS" /etc/pclinuxos-release | awk '{ if ($2=="release") { print $3 } }')
                fi
            fi

            # Sabayon Linux
            if [ -f /etc/sabayon-edition ]; then
                FIND=$(grep "Sabayon Linux" /etc/sabayon-edition)
                if [ ! "${FIND}" = "" ]; then
                    OS_FULLNAME="Sabayon Linux"
                    LINUX_VERSION="Sabayon"
                    OS_VERSION=$(awk '{ print $3 }' /etc/sabayon-edition)
                fi
            fi

            if [ -f /etc/SLOX-release ]; then
                OS_FULLNAME=$(grep "SuSE Linux" /etc/SLOX-release)
                LINUX_VERSION="SuSE"
            fi

            # Slackware
            if [ -f /etc/slackware-version ]; then
                LINUX_VERSION="Slackware"
                OS_VERSION=$(grep "^Slackware" /etc/slackware-version | awk '{ if ($1=="Slackware") { print $2 } }')
                OS_FULLNAME="Slackware Linux ${OS_VERSION}"
            fi

            # SuSE
            if [ -e "/etc/SuSE-release" ]; then
                OS_VERSION=$(head -n 1 /etc/SuSE-release)
                LINUX_VERSION="SuSE"
            fi

            # Turbo Linux
            if [ -e "/etc/turbolinux-release" ]; then OS_FULLNAME=$(cat /etc/turbolinux-release); fi

            # YellowDog
            if [ -e "/etc/yellowdog-release" ]; then OS_FULLNAME=$(cat /etc/yellowdog-release); fi

            # VMware
            if [ -e "/etc/vmware-release" ]; then
                OS_FULLNAME=$(cat /etc/vmware-release)
                OS_VERSION=$(uname -r)
                IS_VMWARE_ESXI=$(vmware -vl | grep VMware ESXi)
                if [ ! "${IS_VMWARE_ESXI}" = "" ]; then
                    OS_FULLNAME="VMware ESXi ${OS_VERSION}"
                fi
            fi

            # ===================================================================
            # Set OS name to the discovered Linux version
            if [ ! "${LINUX_VERSION}" = "" -a "${OS_NAME}" = "Linux" ]; then
                OS_NAME="${LINUX_VERSION}"
            fi
            # If Linux version (full name) is unknown, use uname value
            if [ "${OS_FULLNAME}" = "" ]; then OS_FULLNAME=$(uname -s -r); fi
            SYSCTL_READKEY="sysctl -n"
        ;;

        # NetBSD
        NetBSD)
            OS="NetBSD"
            OS_NAME="NetBSD"
            OS_FULLNAME=$(uname -s -r)
            OS_KERNELVERSION=$(uname -v)
            OS_VERSION=$(uname -r)
            HARDWARE=$(uname -m)
            FIND_BINARIES="whereis"
            SYSCTL_READKEY=""
        ;;

        # OpenBSD
        OpenBSD)
            OS="OpenBSD"
            OS_NAME="OpenBSD"
            OS_FULLNAME=$(uname -s -r)
            OS_KERNELVERSION=$(uname -v)
            OS_VERSION=$(uname -r)
            HARDWARE=$(uname -m)
            FIND_BINARIES="whereis"
            SYSCTL_READKEY=""
        ;;

        # Solaris / OpenSolaris
        SunOS)
            OS="Solaris"
            OS_NAME="Sun Solaris"
            OS_FULLNAME=$(uname -s -r)
            OS_VERSION=$(uname -r)
            HARDWARE=$(uname -m)
            if [ -x /usr/bin/isainfo ]; then
                # Returns 32, 64
                OS_MODE=$(/usr/bin/isainfo -b)
            fi
            SYSCTL_READKEY=""
        ;;

        # VMware products
        VMkernel)
            OS="VMware"
            OS_FULLNAME=""
            OS_VERSION=""
            HARDWARE=$(uname -m)
            if [ -e "/etc/vmware-release" ]; then
                OS_FULLNAME=$(cat /etc/vmware-release)
                OS_VERSION=$(uname -r)
            fi
            HAS_VMWARE_UTIL=$(which vmware 2> /dev/null | grep -v "no [^ ]* in ")
            if [ ! "${HAS_VMWARE_UTIL}" = "" ]; then
                IS_VMWARE_ESXI=$(vmware -vl | grep VMware ESXi)
                if [ ! "${IS_VMWARE_ESXI}" = "" ]; then
                    OS_NAME="VMware ESXi"
                    OS_FULLNAME="VMware ESXi ${OS_VERSION}"
                fi
            fi
        ;;


        # Unknown or unsupported systems
        *)
            echo "[ ${WARNING}WARNING${NORMAL} ]"
            echo "${WARNING}Error${NORMAL}: ${WHITE}Unknown OS found. No support available yet for this OS or platform...${NORMAL}"
            echo "Please consult the README/documentation for more information."
            exit 1
        ;;

    esac

    # Set correct echo binary and parameters after detecting operating system
    ECHONB=""

    case ${OS} in
        "AIX")                           ECHOCMD="echo" ;;
        "DragonFly"|"FreeBSD"|"NetBSD")  ECHOCMD="echo -e"; ECHONB="echo -n" ;;
        "macOS" | "Mac OS X")                         ECHOCMD="echo"; ECHONB="/bin/echo -n" ;;
        "Solaris")                       ECHOCMD="echo" ; test -f /usr/ucb/echo && ECHONB="/usr/ucb/echo -n" ;;
        "Linux")
            # Check if dash is used (Debian/Ubuntu)
            DEFAULT_SHELL=$(ls -l /bin/sh | awk -F'>' '{print $2}')
            case ${DEFAULT_SHELL} in
                " dash")                 ECHOCMD="/bin/echo -e" ;;
                *)                       ECHOCMD="echo -e" ;;
            esac
        ;;
        *)                               ECHOCMD="echo -e" ;;
    esac

    # Check if we have full featured commands, or are using BusyBox as a shell
    if [ -x /bin/busybox ]; then
        if [ -L /bin/ps ]; then
            ShowSymlinkPath /bin/ps
            if [ "${SYMLINK}" = "/bin/busybox" ]; then
                SHELL_IS_BUSYBOX=1
            fi
        fi
    fi

    # Specific checks for hardware

    # Detect if we are using a QNAP NAS
    if [ -d /share/CACHEDEV1_DATA/.qpkg ]; then
        QNAP_DEVICE=1
    fi

    # Check if this OS is end-of-life
    EOL=255
    EOL_DATE=""
    EOL_TIMESTAMP=0
    if [ ! -z "${OS_VERSION}" ]; then
        if [ -f "${DBDIR}/software-eol.db" ]; then
            FIND="${OS_FULLNAME}"
            EOL_TIMESTAMP=$(awk -v value="${FIND}" -F: '{if ($1=="os" && value ~ $2){print $4}}' ${DBDIR}/software-eol.db | head -n 1)
            if [ ! -z "${EOL_TIMESTAMP}" ]; then
                EOL_DATE=$(awk -v value="${FIND}" -F: '{if ($1=="os" && value ~ $2){print $3}}' ${DBDIR}/software-eol.db | head -n 1)
                NOW=$(date "+%s")
                if [ ! -z "${NOW}" ]; then
                    if [ ${NOW} -gt ${EOL_TIMESTAMP} ]; then
                        EOL=1
                    else
                        EOL=0
                    fi
                fi
            fi
        fi
    fi


#================================================================================
# Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com