#!/bin/sh

#################################################################################
#
# This is the custom tests file and serves as a template.
#
# The language used in bourne shell (not bash). That means that almost everything
# you could use in bash, will also work here. Arrays and advanced substitutions
# will not work.
#
# How to use:
#
# Copy this file to the 'include' directory and name it tests_custom
# Find your includedir with: lynis show includedir
#
#################################################################################
#
# Tips:
#
# Use each test ID only once in the Register function and prefix them with CUST
#
# Use big steps (e.g. 10) in numbering, so you can easily put in tests later.
#
# Help the community and share your checks on https://github.com/CISOfy/lynis/
#
#################################################################################
#
    # Test        : CUST-0010
    # Description : We show some lines on the screen

    # Register our first custom test
    # We consider it to be a lightweight test (no heavy IO, or long searches), no network connection needed
    # --test-no   unique ID
    # --weight    L/M/H
    # --category  category (e.g. performance, privacy, security)
    Register --test-no CUST-0010 --weight L --network NO --category security --description "A test for displaying things on screen"
    if [ ${SKIPTEST} -eq 0 ]; then
        # The Display function makes it easy to show something on screen, with colors.
        # --indent  defines amount of spaces
        # --text    text to be displayed on screen
        # --result  text at end of line
        # --color   color of result text
        Display --indent 2 --text "- Checking if everything is OK..." --result "${STATUS_OK}" --color GREEN
        Display --indent 4 --text "This shows one level deeper " --result "${STATUS_NO}" --color YELLOW
        Display --indent 6 --text "And even deeper" --result "${STATUS_WARNING}" --color RED
    fi
#
#################################################################################
#
    # Test        : CUST-0020
    # Description : We show some lines on the screen
    Register --test-no CUST-0020 --weight L --network NO --category security --description "Dealing with files and directories"
    if [ ${SKIPTEST} -eq 0 ]; then

        # With -d we can test for directories, -f is for files, -L for symlinks.

        # Most tests use the "if-then-else". If something is true, take one step, otherwise the other.
        if DirectoryExists /tmp; then
            LogText "Result: we have a temporary directory"
        else
            LogText "Result: no temporary directory found"
        fi

        # Instead of ready-to-use functions, you can use normal shell script tests, like:
        # if [ -f /etc/file ]; then                     =  Test if file exists
        # if [ -d /var/run/mydirectory ]; then          =  Test if directory exists
        # if [ -L /var/run/mydirectory ]; then          =  Test if symlink exists
        # if [ ${MYVARIABLE} -eq 1 ]; then              =  Test if variable is set to 1 (make sure it was defined at beginning of test)
        # if [ "${MYVARIABLE}" = "Value" ]; then        =  Test if variable is equal to specific value

        # Let's test for a file. We like to find at least one file (file1 or file2)
        if FileExists /etc/file1; then
            LogText "Result: Found file /etc/file1"
        elif FileExists /etc/file2; then
            LogText "Result: Found file /etc/file2"
        else
            LogText "Result: both /etc/file1 and /etc/file2 were not found"
            # Show a warning on screen and in the report. We can specify a detail and how to solve it.
            ReportWarning "${TEST_NO}" "No file /etc/file1 or /etc/file2 available"
        fi

        # If a single value is stored in a variable, using 'case' is very effective.
        # Let's check for a predefined variable OS, which is defined by Lynis
        case ${OS} in
            # Only match one value
            "Linux")
                LogText "Found Linux"
                Display --indent 2 --text "OS: Linux" --result "${STATUS_OK}" --color GREEN
            ;;
            # Matching several platforms
            "FreeBSD" | "NetBSD" | "OpenBSD")
                LogText "Found an operating system based on BSD"
                Display --indent 2 --text "OS: *BSD" --result "${STATUS_OK}" --color GREEN
            ;;
            # Catch-all for other values
            *)
                LogText "Found another operating system"
                ReportSuggestion "${TEST_NO}" "Check if this process is running" "apache" "url:https://cisofy.com/support/"
            ;;
        esac

    fi
#
#################################################################################
#
    # Add a new section to the screen output
    InsertSection "Custom tests - Other"
#
#################################################################################
#
    # Test        : CUST-0040
    # Description : Our second test, with a prequisite test

    # First check if OPENSSLBINARY is known as a prerequisite for this test
    # ! means "not". So if the binary is known, the prerequisite is matched. Otherwise we set it to NO and define a reason why we skipped this test

    if [ ! "${OPENSSLBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; SKIPREASON="No OpenSSL binary found"; fi
    Register --test-no CUST-0040 --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight M --network NO --category security --description "Description of custom test"
    if [ ${SKIPTEST} -eq 0 ]; then
        # Set variable to zero, to indicate that we have no problems found (yet)
        FOUNDPROBLEM=0
        DIR="/my/path"
        LogText "Test: we are going to check if we can find a particular directory (${DIR})"
        # Check if a directory exists
        if DirectoryExists ${DIR}; then
            LogText "Result: log entry for easier debugging or additional information"
        else
            FOUNDPROBLEM=1
            LogText "Result: directory ${DIR} was not found!"
            ReportWarning "${TEST_NO}" "This is a test warning line" "${DIR}" "text:Create directory ${DIR}"
        fi

        if [ ${FOUNDPROBLEM} -eq 0 ]; then
            Display --indent 2 --text "- Checking if everything is OK..." --result "${STATUS_OK}" --color GREEN
        else
            Display --indent 2 --text "- Checking if everything is OK..." --result "${STATUS_WARNING}" --color RED
            ReportSuggestion ${TEST_NO} "This is a suggestion"
        fi
    fi
#
#################################################################################
#

# Wait for keypress (unless --quick is being used)
WaitForKeyPress

#
#================================================================================
# Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com